ZF-5963: Cookie with "invalid" expiration timestamp interpreted as expired cookie


When a cookie object is created using the Zend_Http_Cookie::fromString($cookieStr, $refUri) function, and $cookieStr contains an expiration timestamp that is invalid according to strtotime(), Zend_Http_Cookie will treat the cookie as expired. A better behavior would be to never expire the cookie, as strtotime() can reject certain dates that are too far in the future.

As an example, I had a web server that identified itself as Microsoft-IIS/6.0 return a cookie with an expiration timestamp of "Fri, 01-Mar-2109 00:19:21 GMT", which Zend_Http_Cookie treated as expired.

I am attaching a patch that fixes this issue.


Are you sure this still happens? There was a patch added a while back to use Zend_Date if strtotime fails. This should have worked around this problem. If this still happens, let me know what PHP version you are running, on what system (32 bit or 64 bit) and what ZF version of course.



Yes, the changes from r14376 and r14530 seem to have fixed this problem. I'm closing this issue. Thanks!