summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--django/contrib/sessions/middleware.py4
-rw-r--r--django/http/response.py7
-rw-r--r--docs/releases/2.1.txt6
-rw-r--r--tests/messages_tests/test_cookie.py2
-rw-r--r--tests/requests/tests.py8
-rw-r--r--tests/sessions_tests/tests.py8
6 files changed, 20 insertions, 15 deletions
diff --git a/django/contrib/sessions/middleware.py b/django/contrib/sessions/middleware.py
index 60faa2b328..7263b6ac2d 100644
--- a/django/contrib/sessions/middleware.py
+++ b/django/contrib/sessions/middleware.py
@@ -6,7 +6,7 @@ from django.contrib.sessions.backends.base import UpdateError
from django.core.exceptions import SuspiciousOperation
from django.utils.cache import patch_vary_headers
from django.utils.deprecation import MiddlewareMixin
-from django.utils.http import cookie_date
+from django.utils.http import http_date
class SessionMiddleware(MiddlewareMixin):
@@ -50,7 +50,7 @@ class SessionMiddleware(MiddlewareMixin):
else:
max_age = request.session.get_expiry_age()
expires_time = time.time() + max_age
- expires = cookie_date(expires_time)
+ expires = http_date(expires_time)
# Save the session data and refresh the client cookie.
# Skip session save for 500 responses, refs #3881.
if response.status_code != 500:
diff --git a/django/http/response.py b/django/http/response.py
index c07dc5b6e0..76d731d53f 100644
--- a/django/http/response.py
+++ b/django/http/response.py
@@ -14,7 +14,7 @@ from django.core.serializers.json import DjangoJSONEncoder
from django.http.cookie import SimpleCookie
from django.utils import timezone
from django.utils.encoding import force_bytes, iri_to_uri
-from django.utils.http import cookie_date
+from django.utils.http import http_date
_charset_from_content_type_re = re.compile(r';\s*charset=(?P<charset>[^\s;]+)', re.I)
@@ -185,8 +185,7 @@ class HttpResponseBase:
self.cookies[key]['max-age'] = max_age
# IE requires expires, so set it if hasn't been already.
if not expires:
- self.cookies[key]['expires'] = cookie_date(time.time() +
- max_age)
+ self.cookies[key]['expires'] = http_date(time.time() + max_age)
if path is not None:
self.cookies[key]['path'] = path
if domain is not None:
@@ -207,7 +206,7 @@ class HttpResponseBase:
def delete_cookie(self, key, path='/', domain=None):
self.set_cookie(key, max_age=0, path=path, domain=domain,
- expires='Thu, 01-Jan-1970 00:00:00 GMT')
+ expires='Thu, 01 Jan 1970 00:00:00 GMT')
# Common methods used by subclasses
diff --git a/docs/releases/2.1.txt b/docs/releases/2.1.txt
index b48804ab97..e1947728d9 100644
--- a/docs/releases/2.1.txt
+++ b/docs/releases/2.1.txt
@@ -232,6 +232,12 @@ Miscellaneous
* The minimum supported version of ``mysqlclient`` is increased from 1.3.3 to
1.3.7.
+* The date format of ``Set-Cookie``'s ``Expires`` directive is changed to
+ follow :rfc:`7231#section-7.1.1.1` instead of Netscape's cookie standard.
+ Hyphens present in dates like ``Tue, 25-Dec-2018 22:26:13 GMT`` are removed.
+ This change should be merely cosmetic except perhaps for antiquated browsers
+ that don't parse the new format.
+
.. _deprecated-features-2.1:
Features deprecated in 2.1
diff --git a/tests/messages_tests/test_cookie.py b/tests/messages_tests/test_cookie.py
index 68dea51bcf..a5eff30fd4 100644
--- a/tests/messages_tests/test_cookie.py
+++ b/tests/messages_tests/test_cookie.py
@@ -82,7 +82,7 @@ class CookieTests(BaseTests, SimpleTestCase):
storage.update(response)
self.assertEqual(response.cookies['messages'].value, '')
self.assertEqual(response.cookies['messages']['domain'], '.example.com')
- self.assertEqual(response.cookies['messages']['expires'], 'Thu, 01-Jan-1970 00:00:00 GMT')
+ self.assertEqual(response.cookies['messages']['expires'], 'Thu, 01 Jan 1970 00:00:00 GMT')
def test_get_bad_cookie(self):
request = self.get_request()
diff --git a/tests/requests/tests.py b/tests/requests/tests.py
index 4c26bccf4e..fdc2e06e18 100644
--- a/tests/requests/tests.py
+++ b/tests/requests/tests.py
@@ -14,7 +14,7 @@ from django.http.request import split_domain_port
from django.test import RequestFactory, SimpleTestCase, override_settings
from django.test.client import FakePayload
from django.test.utils import freeze_time
-from django.utils.http import cookie_date
+from django.utils.http import http_date
from django.utils.timezone import utc
@@ -234,7 +234,7 @@ class RequestsTests(SimpleTestCase):
response.set_cookie('c', 'old-value')
self.assertEqual(response.cookies['c']['expires'], '')
response.delete_cookie('c')
- self.assertEqual(response.cookies['c']['expires'], 'Thu, 01-Jan-1970 00:00:00 GMT')
+ self.assertEqual(response.cookies['c']['expires'], 'Thu, 01 Jan 1970 00:00:00 GMT')
response.set_cookie('c', 'new-value')
self.assertEqual(response.cookies['c']['expires'], '')
@@ -246,7 +246,7 @@ class RequestsTests(SimpleTestCase):
self.assertIn(
datetime_cookie['expires'],
# assertIn accounts for slight time dependency (#23450)
- ('Sat, 01-Jan-2028 04:05:06 GMT', 'Sat, 01-Jan-2028 04:05:07 GMT')
+ ('Sat, 01 Jan 2028 04:05:06 GMT', 'Sat, 01 Jan 2028 04:05:07 GMT')
)
def test_max_age_expiration(self):
@@ -257,7 +257,7 @@ class RequestsTests(SimpleTestCase):
response.set_cookie('max_age', max_age=10)
max_age_cookie = response.cookies['max_age']
self.assertEqual(max_age_cookie['max-age'], 10)
- self.assertEqual(max_age_cookie['expires'], cookie_date(set_cookie_time + 10))
+ self.assertEqual(max_age_cookie['expires'], http_date(set_cookie_time + 10))
def test_httponly_cookie(self):
response = HttpResponse()
diff --git a/tests/sessions_tests/tests.py b/tests/sessions_tests/tests.py
index 3a3af1613a..f70c8ca1e6 100644
--- a/tests/sessions_tests/tests.py
+++ b/tests/sessions_tests/tests.py
@@ -730,9 +730,9 @@ class SessionMiddlewareTests(TestCase):
# The cookie was deleted, not recreated.
# A deleted cookie header looks like:
- # Set-Cookie: sessionid=; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
+ # Set-Cookie: sessionid=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
self.assertEqual(
- 'Set-Cookie: {}=""; expires=Thu, 01-Jan-1970 00:00:00 GMT; '
+ 'Set-Cookie: {}=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; '
'Max-Age=0; Path=/'.format(
settings.SESSION_COOKIE_NAME,
),
@@ -758,11 +758,11 @@ class SessionMiddlewareTests(TestCase):
# The cookie was deleted, not recreated.
# A deleted cookie header with a custom domain and path looks like:
# Set-Cookie: sessionid=; Domain=.example.local;
- # expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0;
+ # expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0;
# Path=/example/
self.assertEqual(
'Set-Cookie: {}=""; Domain=.example.local; expires=Thu, '
- '01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/example/'.format(
+ '01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/example/'.format(
settings.SESSION_COOKIE_NAME,
),
str(response.cookies[settings.SESSION_COOKIE_NAME])