Hey all, Rails (or some used module) uses `Time.gmtime.rfc2822` for the expires field. That looks something like this
> Mon, 30 Jan 2017 22:37:51 -0000 > But following the cookie RFC <https://tools.ietf.org/html/rfc6265#section-4.1.1> not RFC 2822 but RFC 2616 <https://tools.ietf.org/html/rfc2616#section-3.3.1> should be used. The most used format is the one defined by RFC 1233 (also according to MDN <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie>). That looks like this > Mon, 30 Jan 2017 22:37:51 GMT > Some background information: I'm running ruby 2.4.0, rails 5.0.1 I ran into this while debugging a rally strange bug I faced today.: Im setting a cookie like this in a redirect response cookies[:remember_token] = { :value => remember_token, :expires => 1.day.from_now, :httponly => true } But Chromium 53.0.2785.143 simply ignores it when set in dev environment (i.e. from localhost). It works on deployment server though (maybe because it's using https?). Locally it also breaks using :expires => 9.months.from_now, but super strangely works using :expires => 10.months.from_now, The issue also resolves when not using en expiration date at all. On Opera all versions work. I thought this might be related to the time format (just because I have no further ideas). Any thoughts on this? Is it worth opening an issue und GitHub? Do you have an idea how to fix? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/rubyonrails-core. For more options, visit https://groups.google.com/d/optout.
