GNU bug report logs -
#6957
url-cookie-expired-p
Previous Next
Reported by: shawn boles <shawn.boles <at> gmail.com>
Date: Tue, 31 Aug 2010 20:08:02 UTC
Severity: normal
Fixed in version 23.3
Done: Glenn Morris <rgm <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 6957 in the body.
You can then email your comments to 6957 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#6957; Package
emacs.
(Tue, 31 Aug 2010 20:08:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
shawn boles <shawn.boles <at> gmail.com>:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Tue, 31 Aug 2010 20:08:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hello,
Please forgive me if this list is not the correct recipient for this
message. If there is a better destination, I will be happy to send it
on.
I am working on a web services client that is mostly a wrapper around
URL Package. I am using GNU Emacs v.23.2. My client implementation
requires keeping tight rein on a session ID cookie. My sessions are
terminating abnormally. I believe I have tracked this issue to a bug
in url-cookie-expired-p.
If the cookie's expiration date is the same as today's date,
url-cookie-expired-p normalizes the times to seconds and compares the
difference. I believe the problem is in the normalization algorithm.
In pseudo-code, the current implementation does:
(+ (* 360 seconds) (* 60 minutes) (* 1 hours))
I believe this should be:
(+ (* 1 seconds) (* 60 minutes) (* 360 hours)).
As is, the result of the comparison is almost always dependent on the
number of seconds in the time strings. It is interesting how
frequently this mistaken comparison is correct.
I have attached a patch.
Thank you,
-shawn
[url-cookie.el.patch (application/octet-stream, attachment)]
Information forwarded
to
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#6957; Package
emacs.
(Tue, 31 Aug 2010 22:52:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 6957 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
So this is buggier than I thought.
First, the hour normalization is still incorrect: there are 3600
seconds in an hour, not 360.
Second, the cookie expiration time is GMT, per the cookie spec. As is,
url-cookie-expired-p compares current time (no GMT adjustment) with a
GMT expiration time.
Please see the attached patch.
I fixed the hour normalization.
I added a function called url-cookie-gmt-time-string that returns the
current time adjusted to GMT. Please check this function. While I
believe my implementation is correct, there may be a better way to
adjust a time to GMT in Emacs.
I updated url-cookie-expire-p so that it compares local time as GMT
with the expiration time, also as GMT.
Thanks!
shawn
[url-cookie.el.patch (application/octet-stream, attachment)]
Information forwarded
to
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#6957; Package
emacs.
(Tue, 31 Aug 2010 23:38:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 6957 <at> debbugs.gnu.org (full text, mbox):
shawn boles <shawn.boles <at> gmail.com> writes:
> I added a function called url-cookie-gmt-time-string that returns the
> current time adjusted to GMT. Please check this function. While I
> believe my implementation is correct, there may be a better way to
> adjust a time to GMT in Emacs.
(float-time) already gives the seconds since epoch. No need to convert
to string and back, or doing any time zone adjustments.
Andreas.
--
Andreas Schwab, schwab <at> linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
Information forwarded
to
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#6957; Package
emacs.
(Wed, 01 Sep 2010 00:43:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 6957 <at> debbugs.gnu.org (full text, mbox):
On Tue, Aug 31, 2010 at 4:39 PM, Andreas Schwab <schwab <at> linux-m68k.org> wrote:
> (float-time) already gives the seconds since epoch. No need to convert
> to string and back, or doing any time zone adjustments.
Hi Andreas,
Thank you for your reply.
I understand that (float-time) gives the seconds since Epoch. Maybe I
am missing something here...
This does not change the issue that (url-cookie-expired-p) is taking
the time string from (current-time-string), adjusted to the user's
timezone and comparing it against a cookie expiration time string,
adjusted to GMT. (url-cookie-expired-p) is not taking into account
that the times are (most likely) in different timezones.
Once I had settled the time normalization issue, I noticed that my
hour long session cookies were still not expiring. After I added
debugging I discovered that (url-cookie-expired-p) was comparing the
current time: "16:30:00" (PST) against "23:30:00" (GMT). My solution
(arguably not the best!) is to get the current time in seconds since
the Epoch (float-time), adjust it to a time that is GMT with the value
of (car (current-timezone)) and then make the comparison. This may not
be the best solution, but! (url-cookie-expired-p) is now comparing
like times.
Please let me know if I am way off base here.
It occurs to me that the date comparison is also wrong, for the same
reason: It takes a date string from (current-time-string), adjusted to
the user's timezone and compares it against a cookie date string in
GMT. I would like to fix this as well.
Thank you,
shawn
Information forwarded
to
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#6957; Package
emacs.
(Thu, 02 Sep 2010 17:12:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 6957 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Tue, Aug 31, 2010 at 4:39 PM, Andreas Schwab <schwab <at> linux-m68k.org> wrote:
> (float-time) already gives the seconds since epoch. No need to convert
> to string and back, or doing any time zone adjustments.
I spent yesterday laid up with a cold. Between naps I found myself
coming back to (url-cookie-expired-p) and Andreas' response to my GMT
conversion. I kept thinking that there must be kernel of wisdom for
this grasshopper to find.
I would like to suggest the following replacement for
(url-cookie-expired-p); please see attached patch.
(defun url-cookie-expired-p (cookie)
(let* ((exp (url-cookie-expires cookie))
(exp-time (and exp (float-time (date-to-time exp)))))
(if (not exp) nil
(> (float-time) exp-time))))
If the cookie has an expiration date, (float-time (date-to-time exp))
takes care of converting this to a float time, adjusted to the
client's time zone. Then all we need to do is compare this exp-time
against (float-time).
As an added bonus, we can now remove the url-cookie dependency on timezone.
shawn
[url-cookie.el.patch (application/octet-stream, attachment)]
Reply sent
to
Glenn Morris <rgm <at> gnu.org>:
You have taken responsibility.
(Thu, 09 Sep 2010 05:38:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
shawn boles <shawn.boles <at> gmail.com>:
bug acknowledged by developer.
(Thu, 09 Sep 2010 05:38:02 GMT)
Full text and
rfc822 format available.
Message #22 received at 6957-done <at> debbugs.gnu.org (full text, mbox):
Version: 23.3
Thank you for the patch; applied.
BTW, something like
(if (not foo) nil bar)
can be written as (and foo bar).
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Thu, 07 Oct 2010 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 14 years and 342 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.