Cookies with expiry time set to epoch zero are matched and not expired

salesforce / tough-cookie

RFC6265 Cookies and CookieJar for Node.js

BSD 3-Clause "New" or "Revised" License

964 stars 207 forks source link

Cookies with expiry time set to epoch zero are matched and not expired #455

Closed faulpeltz closed 3 weeks ago

faulpeltz commented 1 month ago

If the server sends a cookie with expiry time set to epoch zero (1970-01-01T00:00:00.000Z), the cookie is then returned in getCookies(url) even though "expire" is set to true (the default)

This is because expiryTime here should be checked for undefined not just !expiryTime https://github.com/salesforce/tough-cookie/blob/1a71340594beac95c4ea10fefe4eb79fdfead5c2/lib/cookie/cookieJar.ts#L940

colincasey commented 1 month ago

Thanks for the filing this issue @faulpeltz.