[Mailman-Developers] Cookie problems
Dan Mick
Dan.Mick@west.sun.com
Mon, 17 Jul 2000 22:59:17 -0700
So, as I noted on mailman-users, I've been spending some time examining the cookie stuff.
I found two things that raised my hackles a bit:
1) MakeCookie (in SecurityManager.py) is careful to keep track of "expires" as an int
(converting the 'issued' time to int before adding ADMIN_COOKIE_LIFE), but "issued"
remains a float. Floats for hard comparisons always make my hackles rise.
2) MakeCookie sets c[key]['expires'] to mm_cfg.ADMIN_COOKIE_LIFE, not to
'expires', which is calculated above; that means the cookie object doesn't
have the 'issued' time added into its 'expires' field. Given that
MakeCookie is apparently the source of the HTTP output, this seems wrong too..
seems like the Expires time is always going to be just the lifetime, not
the actual expiry date.
Am I misreading something?