Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cookies with a 0 epoch expiry aren't treated as expired #1952

Closed
neerolyte opened this issue Nov 9, 2017 · 8 comments
Closed

Cookies with a 0 epoch expiry aren't treated as expired #1952

neerolyte opened this issue Nov 9, 2017 · 8 comments
Assignees
@sagikazarmark
Labels
kind/bug
Milestone
6.3.1

Comments

@neerolyte
Copy link
Contributor

neerolyte commented Nov 9, 2017
edited

Q A
Bug? yes
New Feature? no
Version 6.3

Actual Behavior

What is the actual behavior?

Cookies with an expiry of Thu, 01 Jan 1970 00:00:00 GMT are reporting isExpired() as false.

Expected Behavior

What is the behavior you expect?

They should report as expired.

Steps to Reproduce

Run this code:

<?php
require_once('vendor/autoload.php');
use GuzzleHttp\Cookie\SetCookie;
echo "0: ".var_export(SetCookie::fromString('SESSION=destroy; expires=Thu, 01 Jan 1970 00:00:00 GMT;')->isExpired(), true)."\n";
echo "1: ".var_export(SetCookie::fromString('SESSION=destroy; expires=Thu, 01 Jan 1970 00:00:01 GMT;')->isExpired(), true)."\n";

You'll get:

$ php foo.php
0: false <--- should be true
1: true

Possible Solutions

The current check in SetCookie::isExpired() is:

return $this->getExpires() && time() > $this->getExpires();

I believe it should check getExpires() for null rather than just implicitly casting it to bool, e.g:

return $this->getExpires() !== null && time() > $this->getExpires();
@neerolyte
Copy link
Contributor Author

I've worked around this by avoiding the use GuzzleHttp\Cookie\CookieJar and instead overloading it with a check that adjusts 0 values to 1 (which will still always be enough in the past to be immediately expired):

class CookieJar extends GuzzleHttp\Cookie\CookieJar {
	public function setCookie(GuzzleHttp\Cookie\SetCookie $cookie) {
		if ($cookie->getExpires() === 0) {
			$cookie->setExpires(1);
		}
		return parent::setCookie($cookie);
	}
}

@neerolyte
Copy link
Contributor Author

Is this project still active?

@sagikazarmark
Copy link
Member

If you have a proper solution PRs are always welcome.

neerolyte added a commit to neerolyte/guzzle that referenced this issue Feb 16, 2018
@neerolyte
Fix bug parsing 0 epoch expiry times
2a7d3a4 
As per guzzle#1952 expiry times
specified as "Thu, 01 Jan 1970 00:00:00 GMT" should be treated as
expired, but they weren't because 0 was implicitly casting to a bool in
SetCookie::isExpired().
@neerolyte neerolyte mentioned this issue Feb 16, 2018
Merged
@neerolyte
Copy link
Contributor Author

Ok, I've added a PR to master with the solution I suggested in the description.

The PR is against master, but this is a problem in the 5.3 release too - do you want a PR against that branch as well?

@neerolyte
Copy link
Contributor Author

So is the PR I've provided sufficient, do I need to do anything else to progress this?

@sagikazarmark sagikazarmark self-assigned this Feb 27, 2018
@sagikazarmark
Copy link
Member

Yes both the PR and the bug report are great, sorry for the delay. Patch release will be out in a few days.

@sagikazarmark sagikazarmark added this to the 6.3.1 milestone Feb 27, 2018
@sagikazarmark
Copy link
Member

@neerolyte yeah, a PR against 5.3 branch would be nice too. In the meantime I will merge the PR and tag a patch release for 6.x

@sagikazarmark
Copy link
Member

Fixed in #2014

neerolyte added a commit to neerolyte/guzzle that referenced this issue Apr 3, 2018
@neerolyte
Fix bug parsing 0 epoch expiry times
1ae1d86 
As per guzzle#1952 expiry times
specified as "Thu, 01 Jan 1970 00:00:00 GMT" should be treated as
expired, but they weren't because 0 was implicitly casting to a bool in
SetCookie::isExpired().
@neerolyte neerolyte mentioned this issue Apr 3, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sagikazarmark sagikazarmark

Labels
kind/bug
Projects
None yet
Milestone
6.3.1
Development

No branches or pull requests
2 participants
@neerolyte @sagikazarmark