[New-bugs-announce] [issue22296] cookielib uses time.time(), making incorrect checks of expiration times in cookies
Rebecka
report at bugs.python.org
Fri Aug 29 12:00:50 CEST 2014
New submission from Rebecka:
The cookielib module uses time.time(), which produces a timestamp in the local timezone (as read from the system time?), as the timestamp against which expiration dates in cookies are compared.
However, typical usage of HTTP cookies would be specifying the expiration date in UTC. This assumption seems to be supported for example by the inclusion of cookielib.http2time, which (only) supports UTC timestamps.
This behaviour is also included in e.g. MozillaCookieJar, which (erroneously) excludes cookies from being saved/loaded based on the local timestamp from time.time().
See the attached file for a small example where the check if a cookie is expired against a UTC time is correct but the check against local time fails (simulating the behaviour of the cookielib module).
----------
components: Library (Lib)
files: cookie_timestamp_test.py
messages: 226056
nosy: regu0004
priority: normal
severity: normal
status: open
title: cookielib uses time.time(), making incorrect checks of expiration times in cookies
type: behavior
versions: Python 2.7
Added file: http://bugs.python.org/file36502/cookie_timestamp_test.py
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22296>
_______________________________________
More information about the New-bugs-announce
mailing list