[jboss-jira] [JBoss JIRA] (WFLY-3537) Cookie “Expires” attribute points to a date in the past when Max-Age == 30 days
Anubis TheGreat (JIRA)
issues at jboss.org
Mon Jun 23 13:02:24 EDT 2014
[ https://issues.jboss.org/browse/WFLY-3537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anubis TheGreat updated WFLY-3537:
----------------------------------
Workaround Description:
As I wrote in my thread on stackoverflow there's a workaround for this issue. Cookie header must be constructed manually in the following way:
protected void set(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request)
{
// ServletActionContext.getResponse().addCookie(newInstance(name, value, maximumAgeInSeconds, request));
ServletActionContext.getResponse().addHeader("Set-Cookie", cookieValue(name, value, maximumAge, request));
}
protected static String cookieValue(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request)
{
final SimpleDateFormat cookieExpiresHeaderFormat = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss zzz");
cookieExpiresHeaderFormat.setTimeZone(new SimpleTimeZone(0, "GMT"));
final Date d = new Date();
d.setTime(d.getTime() + maximumAgeInSeconds * 1000L);
final String cookieLifeTime = cookieExpiresHeaderFormat.format(d);
return name + "=" + value + "; Expires=" + cookieLifeTime + "; Max-Age=" + maximumAge + "; Path=" + request.getContextPath();
}
was:
As I wrote in my thread on stackoverflow there's a workaround for this. Cookie header must be constructed manually like this:
protected void set(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request)
{
// ServletActionContext.getResponse().addCookie(newInstance(name, value, maximumAgeInSeconds, request));
ServletActionContext.getResponse().addHeader("Set-Cookie", cookieValue(name, value, maximumAge, request));
}
protected static String cookieValue(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request)
{
final SimpleDateFormat cookieExpiresHeaderFormat = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss zzz");
cookieExpiresHeaderFormat.setTimeZone(new SimpleTimeZone(0, "GMT"));
final Date d = new Date();
d.setTime(d.getTime() + maximumAgeInSeconds * 1000L);
final String cookieLifeTime = cookieExpiresHeaderFormat.format(d);
return name + "=" + value + "; Expires=" + cookieLifeTime + "; Max-Age=" + maximumAge + "; Path=" + request.getContextPath();
}
> Cookie “Expires” attribute points to a date in the past when Max-Age == 30 days
> -------------------------------------------------------------------------------
>
> Key: WFLY-3537
> URL: https://issues.jboss.org/browse/WFLY-3537
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: 8.0.0.Final
> Environment: XUbuntu 14.01
> Reporter: Anubis TheGreat
> Assignee: Jason Greene
>
> I've documented that here:
> http://stackoverflow.com/questions/24351257/expires-attribute-points-to-a-date-in-the-past
> and answered myself.
> The problem came out after upgrading (from Jboss 7) to Wildfly. It's not possible to set a cookie for more than MaxInt (in miliseconds) time for IE browsers which does not support Max-Age but rely on "Expires" attribute, which in this case is calculated wrong.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the jboss-jira
mailing list