aboutsummaryrefslogtreecommitdiff
path: root/src/net/http/cookie.go
diff options
context:
space:
mode:
Diffstat (limited to 'src/net/http/cookie.go')
-rw-r--r--src/net/http/cookie.go8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/net/http/cookie.go b/src/net/http/cookie.go
index a0a4690ddc..5a67476cd4 100644
--- a/src/net/http/cookie.go
+++ b/src/net/http/cookie.go
@@ -168,7 +168,7 @@ func (c *Cookie) String() string {
log.Printf("net/http: invalid Cookie.Domain %q; dropping domain attribute", c.Domain)
}
}
- if c.Expires.Unix() > 0 {
+ if validCookieExpires(c.Expires) {
b.WriteString("; Expires=")
b2 := b.Bytes()
b.Reset()
@@ -246,6 +246,12 @@ func validCookieDomain(v string) bool {
return false
}
+// validCookieExpires returns whether v is a valid cookie expires-value.
+func validCookieExpires(t time.Time) bool {
+ // IETF RFC 6265 Section 5.1.1.5, the year must not be less than 1601
+ return t.Year() >= 1601
+}
+
// isCookieDomainName returns whether s is a valid domain name or a valid
// domain name with a leading dot '.'. It is almost a direct copy of
// package net's isDomainName.
generated by cgit v1.3-6-g1900 (git 2.53.0) at 2026-04-17 20:46:21 +0000