ZF-5963: Cookie with "invalid" expiration timestamp interpreted as expired cookie

Issue Type: Bug Created: 2009-03-07T15:11:40.000+0000 Last Updated: 2009-07-27T23:08:37.000+0000 Status: Resolved Fix version(s): - 1.7.8 (30/Mar/09)

Reporter: Alex Adriaanse (alexadriaanse) Assignee: Shahar Evron (shahar) Tags: - Zend_Http_Cookie

Related issues: Attachments: - Zend_Http_Cookie_invalid_expiration_fix.patch


When a cookie object is created using the Zend_Http_Cookie::fromString($cookieStr, $refUri) function, and $cookieStr contains an expiration timestamp that is invalid according to strtotime(), Zend_Http_Cookie will treat the cookie as expired. A better behavior would be to never expire the cookie, as strtotime() can reject certain dates that are too far in the future.

As an example, I had a web server that identified itself as Microsoft-IIS/6.0 return a cookie with an expiration timestamp of "Fri, 01-Mar-2109 00:19:21 GMT", which Zend_Http_Cookie treated as expired.

I am attaching a patch that fixes this issue.


Posted by Shahar Evron (shahar) on 2009-07-26T01:42:28.000+0000

Are you sure this still happens? There was a patch added a while back to use Zend_Date if strtotime fails. This should have worked around this problem. If this still happens, let me know what PHP version you are running, on what system (32 bit or 64 bit) and what ZF version of course.



Posted by Alex Adriaanse (alexadriaanse) on 2009-07-27T23:08:31.000+0000

Yes, the changes from r14376 and r14530 seem to have fixed this problem. I'm closing this issue. Thanks!

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.