-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect handling of Cookie.SetMaxAge with value 0 or less #1900
Comments
In golang
if c.MaxAge > 0 {
b.WriteString("; Max-Age=")
b.Write(strconv.AppendInt(buf[:0], int64(c.MaxAge), 10))
} else if c.MaxAge < 0 {
b.WriteString("; Max-Age=0")
} |
ksw2000
added a commit
to ksw2000/fasthttp
that referenced
this issue
Nov 14, 2024
I think just supporting <0 and converting it to 0 like net/http does is best. Can you make a pull request? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Per the spec that was reference during the cookie max-age implementation (#184), https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.2, a max-age value of 0 or less is valid and is interpreted as forcing the cookie to expire immediately.
In the current implementation, setting max-age to 0 or less causes the max age attribute to be completely ignored, making it impossible to delete a cookie via the max-age attribute. https://github.com/valyala/fasthttp/blob/master/cookie.go#L281
Given 0 is the default value of int in go, probably doesn't make sense to support
max-age=0
, but supporting setting maxAge to <0 should be possible by changing themaxAge > 0
tomaxAge != 0
.Alternatively, the maxAge property could be changed to a
*int
to support setting max-age to 0 as well and check fornil
during the creation of the cookie header.The text was updated successfully, but these errors were encountered: