Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Cookie::isCleared() with expire === 0 #27946

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mlocati opened this issue Jul 13, 2018 · 5 comments
Closed

Cookie::isCleared() with expire === 0 #27946

mlocati opened this issue Jul 13, 2018 · 5 comments
Labels
Bug HttpFoundation Status: Needs Review

Comments

@mlocati
Copy link
Contributor

mlocati commented Jul 13, 2018
edited
Loading

Symfony version(s) affected: 4.1.1

Description
The expire field of a Cookie object (accessible with getExpiresTime()) is used when calling setrawcookie.
From the PHP manual, if expire is 0, the cookie will expire at the end of the session (when the browser closes).
So, a cookie with expire set to 0 is valid. BTW isCleared returns true in this case.

How to reproduce

$cookie = new Symfony\Component\HttpFoundation\Cookie('foo', 'bar');
var_export($cookie->isCleared());
$cookie = new Symfony\Component\HttpFoundation\Cookie('foo', 'bar', 0);
var_export($cookie->isCleared());

it should be false in both cases, but it is true.

Possible Solution
Patch the isCleared method, changing from

return $this->expire < time();

to

return 0 !== $this->expire && $this->expire < time();
@ro0NL
Copy link
Contributor

ro0NL commented Jul 20, 2018

@mlocati looks like you're right. Willing to do a PR?

@mlocati
Copy link
Contributor Author

mlocati commented Jul 20, 2018

I'm a few thousands miles away from my PC for a couple of weeks. But feel free to patch it yourself

@nicolas-grekas
Copy link
Member

Just wondering: why should 0 be a special value? The Cookie class doesn't have to match wheat setrawcookie(), does it? PHP needs a way to define a session cookie, and passing 0 is the way to go, but Cookie does it differently and thus doesn't need to treat 0 is a special way.
Does this make sense?

@ro0NL
Copy link
Contributor

ro0NL commented Jul 23, 2018

it is a special value

symfony/src/Symfony/Component/HttpFoundation/Cookie.php

Lines 138 to 140 in 0eea077

if (0 !== $this->getExpiresTime()) {
$str .= '; expires='.gmdate('D, d-M-Y H:i:s T', $this->getExpiresTime()).'; Max-Age='.$this->getMaxAge();
}

@nicolas-grekas
Copy link
Member

Thanks, bug confirmed to me also then, PR welcome :)

@ro0NL ro0NL mentioned this issue Jul 23, 2018
Merged
nicolas-grekas added a commit that referenced this issue Jul 29, 2018
@nicolas-grekas
bug #28045 [HttpFoundation] Fix Cookie::isCleared (ro0NL)
81eb54e 
This PR was merged into the 2.8 branch.

Discussion
----------

[HttpFoundation] Fix Cookie::isCleared

| Q             | A
| ------------- | ---
| Branch?       | 2.8
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no     <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass?   | yes    <!-- please add some, will be required by reviewers -->
| Fixed tickets | #27946
| License       | MIT
| Doc PR        | symfony/symfony-docs#... <!-- required for new features -->

<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
 - Bug fixes must be submitted against the lowest branch where they apply
   (lowest branches are regularly merged to upper ones so they get the fixes too).
 - Features and deprecations must be submitted against the master branch.
-->

Commits
-------

d3d7766 [HttpFoundation] Fix Cookie::isCleared
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug HttpFoundation Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@javiereguiluz @nicolas-grekas @mlocati @ro0NL @carsonbot