Hey all,
Rails (or some used module) uses Time.gmtime.rfc2822
for the expires field. That looks something like this
Mon, 30 Jan 2017 22:37:51 -0000
But following the cookie RFC not RFC 2822 but RFC 2616 should be used. The most used format is the one defined by RFC 1233 (also according to MDN). That looks like this
Mon, 30 Jan 2017 22:37:51 GMT
Some background information:
I’m running ruby 2.4.0, rails 5.0.1
I ran into this while debugging a rally strange bug I faced today.:
Im setting a cookie like this in a redirect response
cookies[:remember_token] = {
:value => remember_token,
:expires => 1.day.from_now,
:httponly => true
}
``
But Chromium 53.0.2785.143 simply ignores it when set in dev environment (i.e. from localhost). It works on deployment server though (maybe because it’s using https?).
Locally it also breaks using
:expires => 9.months.from_now,
``
but super strangely works using
:expires => 10.months.from_now,
The issue also resolves when not using en expiration date at all.
On Opera all versions work.
I thought this might be related to the time format (just because I have no further ideas).
Any thoughts on this? Is it worth opening an issue und GitHub? Do you have an idea how to fix?