net/http: fix cookie Expires minimum year to 1601 instead of Epoch year 1970
Following RFC 6265 Section 5.1.1.5, ensure that the minimum year for which an Expires value is valid and can be included in the cookie's string, is 1601 instead of the Epoch year 1970. A detailed specification for parsing the Expiry field is at: https://tools.ietf.org/html/rfc6265#section-5.2.1 I stumbled across this bug due to this StackOverflow answer that recommends setting the Expiry to the Epoch: http://stackoverflow.com/a/5285982 Fixes #17632 Change-Id: I3c1bdf821d369320334a5dc1e4bf22783cbfe9fc Reviewed-on: https://go-review.googlesource.com/32142Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Showing
Please register or sign in to comment