Hi, I am checking the RFC6265 as we wanted to switch to the RFC6265 Cookie processor. One thing I have noticed is around, the way cookie expires date is written to the response.
As per the RFC the date should follow RFC1123 date format https://tools.ietf.org/html/rfc6265#section-4.1.1 expires-av = "Expires=" sane-cookie-date sane-cookie-date = <rfc1123<https://tools.ietf.org/html/rfc1123>-date, defined in [RFC2616], Section 3.3.1<https://tools.ietf.org/html/rfc2616#section-3.3.1>> Example date format tomcat is writing Thu, 11-Jul-2019 22:43:23 GMT private static final String COOKIE_DATE_PATTERN = "EEE, dd-MMM-yyyy HH:mm:ss z"; (CookieProcessorBase.java) What RFC says, HTTP applications have historically allowed three different formats for the representation of date/time stamps: Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822<https://tools.ietf.org/html/rfc822>, updated by RFC 1123<https://tools.ietf.org/html/rfc1123> Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850<https://tools.ietf.org/html/rfc850>, obsoleted by RFC 1036<https://tools.ietf.org/html/rfc1036> Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format HTTP-date = rfc1123<https://tools.ietf.org/html/rfc1123>-date | rfc850<https://tools.ietf.org/html/rfc850>-date | asctime-date rfc1123<https://tools.ietf.org/html/rfc1123>-date = wkday "," SP date1 SP time SP "GMT" rfc850<https://tools.ietf.org/html/rfc850>-date = weekday "," SP date2 SP time SP "GMT" asctime-date = wkday SP date3 SP time SP 4DIGIT date1 = 2DIGIT SP month SP 4DIGIT ; day month year (e.g., 02 Jun 1982) date2 = 2DIGIT "-" month "-" 2DIGIT ; day-month-year (e.g., 02-Jun-82) Tomcat date is getting started with short wkday then following date2 (contains dashes) format instead of date1. I see both the cookie processors of tomcat are following the same pattern. Can tomcat keep the behavior according to RFC in future updates ? Thanks, Pavan.
