cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] Cookies with blank expiry date

From: Dima Barsky <>
Date: Sat, 24 Oct 2009 21:11:45 +0100

On Wed, 14 Oct 2009, Daniel Stenberg wrote:

> Based on feedback I got on the http-state mailing list from a Firefox
> developer on this topic, we should probably consider making _all_ failures
> to parse the expire date as a reason to switch it to a session cookie and
> not just on blank dates, as that seems to be what Firefox does. (Still to
> be found out how others deal with such cookies)

As discussed, I tested several browsers with these cookies:

1. EmptyDate cookie: "Expires="
2. BadDate cookie: "Expires=sometime"
3. ExtraCharsAfterDate: "Expires=Sun, 25-Oct-2009 20:15:56 GMT extra symbols"

The following three browsers behave in the same way, they treat EmptyDate
and BadDate as session cookies, but recognise the expiry date on the third

        MSIE 8.0 on Win XP SP3
        Firefox 3.5.3 on Win XP SP3
        Epiphany (WebKit) 2.28.0 on Ubuntu 9.10

The only exception was Konqueror/4.3 (KHTML/4.3.2), it treats all three as
session cookies.

Considering the above, I agree with Daniel, I think that any failure to parse
the cookie date in CURL should make it a session cookie. The patch against the
CVS HEAD is enclosed.


List admin:

Received on 2009-10-24