-
-
Notifications
You must be signed in to change notification settings - Fork 6.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cookies: the max expire time is 400 days #13543
base: master
Are you sure you want to change the base?
Conversation
The draft is now in working group last call and I consider it likely that this wording is going to end up in a final version of the document. The biggest flaw I think right now is that this change requires a debug build to be properly tested - since we want to set a fake time to be able to verify this correctly. |
@danielgustafsson I brought this back for consideration |
Thanks! I think we should pursue this, will take it for a spin tomorrow for a review. |
It still rubs me the wrong way that we need to fudge dates with debug builds. I'm going to have one more go at creating a test which doesn't need that and if that fails we'll just go with this I reckon. |
draft-ietf-httpbis-rfc6265bis-14 says: "The limit SHOULD NOT be greater than 400 days (34560000 seconds) in duration. The RECOMMENDED limit is 400 days in duration, but the user agent MAY adjust the limit. Max-Age attributes that are greater than the limit MUST be reduced to the limit."
af7c35f
to
bb730a9
Compare
#ifdef DEBUGBUILD | ||
char *timestr = getenv("CURL_TIME"); | ||
if(timestr) { | ||
unsigned long val = strtol(timestr, NULL, 10); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unsigned long val = strtol(timestr, NULL, 10); | |
long val = strtol(timestr, NULL, 10); |
(or maybe change to strtoul()
)
draft-ietf-httpbis-rfc6265bis-14 says:
"The limit SHOULD NOT be greater than 400 days (34560000 seconds) in
duration. The RECOMMENDED limit is 400 days in duration, but the user
agent MAY adjust the limit. Max-Age attributes that are greater than
the limit MUST be reduced to the limit."