Closed lyrixderaven closed 5 years ago
No, it should ignore the global locale setting. I think it was just an old bug because the software was developed in the US and most people keep their servers in EN + UTC configuration.
Most frameworks provide their own implementation of HTTP dates formatting, beaker should probably do the same:
werkzeug: https://github.com/pallets/werkzeug/blob/d824659abe95ed31b1f9c355f88c4741da5a6e5f/src/werkzeug/http.py#L812-L843 webob: https://github.com/Pylons/webob/blob/741b3d6c9750ba30ba6fd7bc61d66d9f9febe75b/src/webob/cookies.py#L257-L274
Awesome, thanks for the rapid response and fix!
Is there a release schedule that let's me see when this fix will likely be versioned into a release?
The
_set_cookie_expires(self,expires)
functionality doesn't account for applications that have changed the globale locale:produces output similar to
'Do, 16-Mai-2019 09:59:46 GMT'
with a global locale setting ofde_DE.UTF-8
. This is quite problematic, since most browsers will ignore the expiration setting then, leading to all kinds of uninentended consequences.One solution might be to use a thread-safe context manager to force the locale for the date conversion to be
en_US.UTF-8
or similar (see https://stackoverflow.com/a/24070673/846274 for an example that should work in this case).Is there any reason why this function should honor the global application locale at all?