Incompatibility with Apache Http Client 4.x due to Cookie Expires date format

**Describe the bug**
With Commit https://github.com/spring-projects/spring-session/commit/00465a6f00bef564796c4a34a9228efb5fe6ede9  you created your own implementation of the Set-Cookie header in DefaultCookieSerializer.writeCookieValue(...). But the date format in the `Expires` field is not spec compliant to the [Netscape Draft spec](http://web.archive.org/web/20020803110822/http://wp.netscape.com/newsref/std/cookie_spec.html). With the change you set the date format to [RFC1123](https://www.rfc-editor.org/rfc/rfc1123.html) which has spaces in between the date fields, but the original spec requires dashes in between the date fields.

We encountered this issue, when using Apache Http Client 4.x against one of our servers. Apache Http Client 4.x support the Netscape Draft Spec, [RFC2109](https://www.rfc-editor.org/rfc/rfc2109.html) and [RFC2965](https://www.rfc-editor.org/rfc/rfc2965.html). If the expires field is present, it defaults to the Netscape Draft Spec and the date format with dashes. [Code](https://github.com/apache/httpcomponents-client/blob/4.5.x/httpclient/src/main/java/org/apache/http/impl/cookie/DefaultCookieSpec.java#L103) It then continues to fail to parse the Session Cookie.

Apache Http Clients version 5.x are okay, because then the [RFC6265](https://www.rfc-editor.org/rfc/rfc6265.html) is used.

Feel free to close this ticket, if you think it's not necessary to support these old clients anymore.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Incompatibility with Apache Http Client 4.x due to Cookie Expires date format #3461

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Incompatibility with Apache Http Client 4.x due to Cookie Expires date format #3461

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions