web icon indicating copy to clipboard operation
web copied to clipboard
verified publisher icon hoisie

cookie age hardcoded

Open sbunce opened this issue 15 years ago • 1 comments

web.go line 78

The cookie age parameter is ignored. The cookie expiration is hard-coded for 30 minutes.

I think the SetCookie function should be replaced with this:


//Sets a cookie -- duration is the amount of time in seconds. 0 = forever
func (ctx *Context) SetCookie(name string, value string, age int64) {
    var utctime *time.Time
    if age == 0 {
        // 2^31 - 1 seconds (roughly 2038)
        utctime = time.SecondsToUTC(2147483647)
    } else {
        utctime = time.SecondsToUTC(time.UTC().Seconds() + age)
    }
    cookie := fmt.Sprintf("%s=%s; expires=%s", name, value, webTime(utctime))
    ctx.SetHeader("Set-Cookie", cookie, false)
}

I dug around in the HTTP RFC and googled my heart out and I couldn't find the max allowed value of "expires". I figure 2^31 - 1 (sometime in 2038) is a reasonable value of "forever".

BTW web.go is awesome! :-)

sbunce avatar Nov 21 '10 06:11 sbunce

I recommend using zero to indicate session cookies (no expiration specified). If somebody wants an expiration the far future, then let them set it explicitly.

garyburd avatar Nov 21 '10 07:11 garyburd

garyburd's suggestion is more consistent with the way things are normally done.

When expiration is not specified on a cookie it is deleted whenever the browser restarts.

sbunce avatar Nov 21 '10 07:11 sbunce