An exciting half day spent in the land of cookies

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

An exciting half day spent in the land of cookies

Jolle Carlestam-2
This is not a cry for help. It is merely a word (a lot of words actually) of warning to this of us that sets cookies in Lasso 9 for languages other than English.


Remember I had a strange date related error the other day that turned out to be because my server used an en_US locale instead of the preferred sv_SE. An error that I fixed by setting the default locale at startup for the instance.
http://www.lassotalk.com/Weird-date-week-error-Lasso-9.lasso?276577

Well today I’ve been struggling for a couple of hours with a completely unrelated issue concerning disappearing cookies and thus clients not being able to log in to their intranets.
It started quietly on Saturday and exploded today, Monday. (There’s a relevancy here, be patient…)

The two issues eventually turned out to be closely related.

The reason clients could not log in was because the session cookie never got set by the browser. It was not because they did not get the cookies, it was because the browser could not understand them.

Short explanation. Cookies should be set like this:
Set-Cookie: name=Jolle; expires=Mon, 26 Jan 2015 10:38:25 GMT; path=/

The way the date is formatted is important. Even if Lasso allows us to use durations or integers as input values for the -expires param they are always translated to a date value formatted like the example above before being sent to the browser.


Now, here’s the connection with the previous thread. When Lasso sets a cookie expire value it will use the default_locale to format the date.
For a vast majority of Lasso sites this has no impact since they probably talk English anyway and thus default_locale is using the correct format for the cookie. But when I set my server to use Swedish it broke the cookie creation. Only, part of the trickiness, not for all browsers and not for all days. It’s, so far, only Safari (both IOS and OSX) that suffers from this. And only on Saturdays, Sundays and Mondays. Because these days are the only ones that contains non English chars in the day name, Lördag, Söndag, Måndag.

Thus, this: Mon, 26-Jan-2015 06:07:24 GMT
Will, by Lasso, be sent like this mån, 26-Jan-2015 06:07:24 GMT
And interpreted as: mån, 26-Jan-2015 06:07:24 GMT
and stop all further cookie setting in Safari. Chrome and Firefox both interpret the cookie anyway and proceeds.

This is of course a bug in Lasso, and possibly in Safari. As I see it Lasso should not use the default_locale when formatting the date put into the cookie, it should always use en_US.

Now, next item on the agenda. How do I fix this?

First thing I tried was to temporarily change the default_locale to en_US, set the cookie and then change the default_locale back to sv_SE. No go. I think this is because Lasso won’t actually set the cookie until the very end of the processing. By that time the default_locale is set back to sv_SE again.

Some reading up of the documentation for setting cookies pointed to a way.

"The -expires parameter can be either a date object, a duration object, an integer, a string, or any object that will produce a suitable value when converted into a string. A date indicates the absolute date at which the cookie will expire. A duration indicates the time that the cookie should expire based on the time at which the cookie is being set. An integer indicates the number of minutes until the cookie expires. Any other object type is appended directly to the outgoing cookie header string.”

Notice the last sentence? ”appended directly”. Aha, If I create a string with the date value correctly formatted and use that as -expires param then I’m good to go? Right?

local(cookiedate = date(-dateGMT))
#cookiedate -> add(-minute = 20160) // 14 days

web_response -> setcookie(
        'mycookie' = 'value',
        -domain = server_name,
        -expires = #cookiedate -> format("EEE, dd MMM yyyy HH:mm:ss 'GMT'", -locale = locale('en', 'US')),
        -path = '/’
)

The result of #cookiedate -> format(...) looks like this by the way:
Mon, 26 Jan 2015 10:53:12 GMT
Looks good to me.
But no, now it’s time for Lasso cookie bug no 2. That "appended directly” promise is not fulfilled. Lasso will insist on interpreting the input as a date and format it. And making huge mistakes in the process. The above will come out as this:
Set-Cookie: domain = value;expires=mån, 12-Jan-2015 10:49:51 GMT;path=/

From 26 Jan 2015 10:53:12 to 12-Jan-2015 10:49:51? Not a lot of right assumptions there…

Conclusions at this point. I have found no way around this as long as I have the desire to have both default_locale set to sv_SE and to use cookies with expires params. Until I find another way, or Lasso fixes one or both cookie bugs I’ve resorted to remove the expires param from my cookies. This is not a good solution but it will keep clients happier than not being able to log in at all.

Thanks for your patience reading this far.

HDB
Jolle

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: An exciting half day spent in the land of cookies

Jolle Carlestam-2
12 jan 2015 kl. 13:09 skrev Jolle Carlestam <[hidden email]>:

> This is not a cry for help. It is merely a word (a lot of words actually) of warning to this of us that sets cookies in Lasso 9 for languages other than English.


Should be: to those of us that

(Bloody Auto Correct)

HDB
Jolle

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: An exciting half day spent in the land of cookies

Jolle Carlestam-2
In reply to this post by Jolle Carlestam-2
12 jan 2015 kl. 13:09 skrev Jolle Carlestam <[hidden email]>:

> I have found no way around this as long as I have the desire to have both default_locale set to sv_SE and to use cookies with expires params.

Did find a way, sort of. Rather silly but works. What I need to do is avoid setting cookies to expire on days that have non English chars in them.

local(cookiedate = date(-dateGMT))

match(#cookiedate -> dayofweek) => {
        case(7) // Saturday
                #cookiedate -> add(-minute = #expires + 4320)
        case(1) // Sunday
                #cookiedate -> add(-minute = #expires + 2880)
        case(2) // Monday
                #cookiedate -> add(-minute = #expires + 1440)
        case // All other days
                #cookiedate -> add(-minute = #expires)

}

web_response -> setcookie(
        ’mycookie' = #cookievalue,
        -domain = server_name,
        -expires = #cookiedate,
        -path = '/’
)

This will ensure that cookies are never set to Saturday, Sunday or Monday dates. If so they will expire on the following Tuesday instead. Works for me. :-)

HDB
Jolle

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: An exciting half day spent in the land of cookies

Marc Vos-3
LOL

good tip!

- -
Marc

On 12 jan. 2015, at 13:55, Jolle Carlestam <[hidden email]> wrote:

> 12 jan 2015 kl. 13:09 skrev Jolle Carlestam <[hidden email]>:
>
>> I have found no way around this as long as I have the desire to have both default_locale set to sv_SE and to use cookies with expires params.
>
> Did find a way, sort of. Rather silly but works. What I need to do is avoid setting cookies to expire on days that have non English chars in them.
>
> local(cookiedate = date(-dateGMT))
>
> match(#cookiedate -> dayofweek) => {
> case(7) // Saturday
> #cookiedate -> add(-minute = #expires + 4320)
> case(1) // Sunday
> #cookiedate -> add(-minute = #expires + 2880)
> case(2) // Monday
> #cookiedate -> add(-minute = #expires + 1440)
> case // All other days
> #cookiedate -> add(-minute = #expires)
>
> }
>
> web_response -> setcookie(
> ’mycookie' = #cookievalue,
> -domain = server_name,
> -expires = #cookiedate,
> -path = '/’
> )
>
> This will ensure that cookies are never set to Saturday, Sunday or Monday dates. If so they will expire on the following Tuesday instead. Works for me. :-)
>
> HDB
> Jolle
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: An exciting half day spent in the land of cookies

Bil Corry-3
In reply to this post by Jolle Carlestam-2
Safari is doing what the spec says to do:

http://tools.ietf.org/html/rfc6265#section-5.1.1

Seems like the other browsers are more forgiving.

In any event, anywhere where dates are used for headers (email, cache,
cookies, etc), LassoSoft should force the US locale.


- Bil


On Mon, Jan 12, 2015 at 1:09 PM, Jolle Carlestam <[hidden email]>
wrote:

> This is not a cry for help. It is merely a word (a lot of words actually)
> of warning to this of us that sets cookies in Lasso 9 for languages other
> than English.
>
>
> Remember I had a strange date related error the other day that turned out
> to be because my server used an en_US locale instead of the preferred
> sv_SE. An error that I fixed by setting the default locale at startup for
> the instance.
> http://www.lassotalk.com/Weird-date-week-error-Lasso-9.lasso?276577
>
> Well today I’ve been struggling for a couple of hours with a completely
> unrelated issue concerning disappearing cookies and thus clients not being
> able to log in to their intranets.
> It started quietly on Saturday and exploded today, Monday. (There’s a
> relevancy here, be patient…)
>
> The two issues eventually turned out to be closely related.
>
> The reason clients could not log in was because the session cookie never
> got set by the browser. It was not because they did not get the cookies, it
> was because the browser could not understand them.
>
> Short explanation. Cookies should be set like this:
> Set-Cookie: name=Jolle; expires=Mon, 26 Jan 2015 10:38:25 GMT; path=/
>
> The way the date is formatted is important. Even if Lasso allows us to use
> durations or integers as input values for the -expires param they are
> always translated to a date value formatted like the example above before
> being sent to the browser.
>
>
> Now, here’s the connection with the previous thread. When Lasso sets a
> cookie expire value it will use the default_locale to format the date.
> For a vast majority of Lasso sites this has no impact since they probably
> talk English anyway and thus default_locale is using the correct format for
> the cookie. But when I set my server to use Swedish it broke the cookie
> creation. Only, part of the trickiness, not for all browsers and not for
> all days. It’s, so far, only Safari (both IOS and OSX) that suffers from
> this. And only on Saturdays, Sundays and Mondays. Because these days are
> the only ones that contains non English chars in the day name, Lördag,
> Söndag, Måndag.
>
> Thus, this: Mon, 26-Jan-2015 06:07:24 GMT
> Will, by Lasso, be sent like this mån, 26-Jan-2015 06:07:24 GMT
> And interpreted as: mån, 26-Jan-2015 06:07:24 GMT
> and stop all further cookie setting in Safari. Chrome and Firefox both
> interpret the cookie anyway and proceeds.
>
> This is of course a bug in Lasso, and possibly in Safari. As I see it
> Lasso should not use the default_locale when formatting the date put into
> the cookie, it should always use en_US.
>
> Now, next item on the agenda. How do I fix this?
>
> First thing I tried was to temporarily change the default_locale to en_US,
> set the cookie and then change the default_locale back to sv_SE. No go. I
> think this is because Lasso won’t actually set the cookie until the very
> end of the processing. By that time the default_locale is set back to sv_SE
> again.
>
> Some reading up of the documentation for setting cookies pointed to a way.
>
> "The -expires parameter can be either a date object, a duration object, an
> integer, a string, or any object that will produce a suitable value when
> converted into a string. A date indicates the absolute date at which the
> cookie will expire. A duration indicates the time that the cookie should
> expire based on the time at which the cookie is being set. An integer
> indicates the number of minutes until the cookie expires. Any other object
> type is appended directly to the outgoing cookie header string.”
>
> Notice the last sentence? ”appended directly”. Aha, If I create a string
> with the date value correctly formatted and use that as -expires param then
> I’m good to go? Right?
>
> local(cookiedate = date(-dateGMT))
> #cookiedate -> add(-minute = 20160) // 14 days
>
> web_response -> setcookie(
>         'mycookie'      = 'value',
>         -domain         = server_name,
>         -expires        = #cookiedate -> format("EEE, dd MMM yyyy HH:mm:ss
> 'GMT'", -locale = locale('en', 'US')),
>         -path           = '/’
> )
>
> The result of #cookiedate -> format(...) looks like this by the way:
> Mon, 26 Jan 2015 10:53:12 GMT
> Looks good to me.
> But no, now it’s time for Lasso cookie bug no 2. That "appended directly”
> promise is not fulfilled. Lasso will insist on interpreting the input as a
> date and format it. And making huge mistakes in the process. The above will
> come out as this:
> Set-Cookie: domain = value;expires=mån, 12-Jan-2015 10:49:51 GMT;path=/
>
> From 26 Jan 2015 10:53:12 to 12-Jan-2015 10:49:51? Not a lot of right
> assumptions there…
>
> Conclusions at this point. I have found no way around this as long as I
> have the desire to have both default_locale set to sv_SE and to use cookies
> with expires params. Until I find another way, or Lasso fixes one or both
> cookie bugs I’ve resorted to remove the expires param from my cookies. This
> is not a good solution but it will keep clients happier than not being able
> to log in at all.
>
> Thanks for your patience reading this far.
>
> HDB
> Jolle
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>   the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: An exciting half day spent in the land of cookies

Jolle Carlestam-2
12 jan 2015 kl. 17:23 skrev Bil Corry <[hidden email]>:

> Safari is doing what the spec says to do:
>
> http://tools.ietf.org/html/rfc6265#section-5.1.1
>
> Seems like the other browsers are more forgiving.
>
> In any event, anywhere where dates are used for headers (email, cache,
> cookies, etc), LassoSoft should force the US locale.

Hear, hear!

This is the way I found that would do that regardless of locale setting:

#mydate -> format("EEE, dd MMM yyyy HH:mm:ss 'GMT'", -locale = locale('en', 'US’))

The code for web_response -> set cookie is not made public. But I bet there already is a -> format call in it. Add the , -locale = locale('en', 'US’) and you’re done.

HDB
Jolle

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: An exciting half day spent in the land of cookies

Steffan A. Cline
Jolle,

Did you file the bug?



Thanks,
Steffan

---------------------------------------------------------------
T E L  6 0 2 . 7 9 3 . 0 0 1 4 | F A X  6 0 2 . 9 7 1 . 1 6 9 4
Steffan A. Cline   [hidden email]
http://www.ExecuChoice.net                 Phoenix, Arizona USA
                 
---------------------------------------------------------------






On 1/12/15, 9:37 AM, "Jolle Carlestam" <[hidden email]> wrote:

>12 jan 2015 kl. 17:23 skrev Bil Corry <[hidden email]>:
>
>> Safari is doing what the spec says to do:
>>
>> http://tools.ietf.org/html/rfc6265#section-5.1.1
>>
>> Seems like the other browsers are more forgiving.
>>
>> In any event, anywhere where dates are used for headers (email, cache,
>> cookies, etc), LassoSoft should force the US locale.
>
>Hear, hear!
>
>This is the way I found that would do that regardless of locale setting:
>
>#mydate -> format("EEE, dd MMM yyyy HH:mm:ss 'GMT'", -locale =
>locale('en', 'US¹))
>
>The code for web_response -> set cookie is not made public. But I bet
>there already is a -> format call in it. Add the , -locale = locale('en',
>'US¹) and you¹re done.
>
>HDB
>Jolle
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>
>



#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: An exciting half day spent in the land of cookies

Jolle Carlestam-2
12 jan 2015 kl. 17:41 skrev Steffan A. Cline <[hidden email]>:

> Jolle,
>
> Did you file the bug?
>
>
>
> Thanks,
> Steffan

Steffan, how can you doubt me like that? :-)

http://www.lassosoft.com/rhinotrac?id=7933
http://www.lassosoft.com/rhinotrac?id=7933

HDB
Jolle

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>