[Bug] [dinky-admin] The cookie time format is not compatible with Chrome standards #4086

Open
2 of 3 tasks
gnixuygnahz opened this issue Dec 24, 2024 · 3 comments
Labels
Bug Something isn't working

Comments

@gnixuygnahz

Search before asking

  • I had searched in the issues and found no similar issues.

What happened

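In the response headers returned by the login API, the time zone in the cookie's expiry time is formatted as +0800, whereas Chrome only accepts +0000, and the HTTP specification also stipulates that the time zone of a cookie's expiry time must be +0000.

Although the default expiry duration is 10 hours, this problem causes my session to expire only 2 hours after each login.

Reference: https://zhuanlan.zhihu.com/p/454594393?utm_id=0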

What you expected to happen

The login API should return the cookie information with the time zone in the standard format, for compatibility with more browsers.

How to reproduce

Use the Chrome browser.

Anything else

No response

Version

1.2.0

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Code of Conduct

@gnixuygnahz added the Bug and Waiting for reply labels Dec 24, 2024
@github-actions bot changed the title from "[Bug] [dinky-admin] 设置Cookie时间格式不兼容Chrome标准" to "[Bug] [dinky-admin] The cookie time format is not compatible with Chrome standards" Dec 24, 2024
@MactavishCui
Contributor

MactavishCui commented Dec 24, 2024

Hi~ @gnixuygnahz. Using the dinky-dev branch and Chrome 131.0.6778.205 (arm64), I logged in at 2024-12-24 16:57:01. As shown below, based on Max-Age, the cookie expiry time is correctly set to 10 hours later, which is Wed, 25 Dec 2024 01:57:01 +0800 (although it uses the +0800 time zone, which is not HTTP standards-compliant). The issue of an incorrect cookie expiry time cannot be reproduced. Could you provide more details to reproduce this bug?

access-control-allow-credentials:true
access-control-allow-origin:http://localhost:8000
access-control-expose-headers:dinky-token
cache-control:no-cache, no-transform
connection:close
content-type:application/json
date:Tue, 24 Dec 2024 07:57:01 GMT
dinky-token:f403a5a1-f129-4b67-ac2c-8073de444f87
set-cookie:dinky-token=f403a5a1-f129-4b67-ac2c-8073de444f87; Max-Age=36000; Expires=Wed, 25 Dec 2024 01:57:01 +0800; Path=/
transfer-encoding:chunked
vary:Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-accel-buffering:noe
x-powered-by:Express
x-real-url:http://127.0.0.1:8888/api/login

@gnixuygnahz
Author

@MactavishCui The version of the Chrome browser I am using is 105.0.5195.54. A possible reason could be that the version is outdated.

@MactavishCui
Contributor

> @MactavishCui The version of the Chrome browser I am using is 105.0.5195.54. A possible reason could be that the version is outdated.

@gnixuygnahz Thanks for your reply. Dinky's token control is based on Sa-Token. After reading the Sa-Token documentation, I found that Sa-Token currently only supports the following configurations:

 domain: stp.com
 path: /
 secure: false
 httpOnly: true
 sameSite: Lax

In my opinion, that means a time zone configuration for cookies implemented only by Dinky may not be concise without Sa-Token configuration. Do you have any ideas about how to solve this problem?

Besides, maybe you could update Chrome to avoid this problem temporarily.

@aiwenmo removed the Waiting for reply label Jan 21, 2025
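
An added example (not from the thread, Dinky or Sa-Token) that audits the Set-Cookie header quoted above: it checks whether Expires is in the GMT form RFC 6265 requires, then computes the cookie lifetime from Max-Age, from Expires with the +0800 offset honoured, and from Expires read as UTC with the offset skipped, which is how RFC 6265's cookie-date algorithm reads it. The function names and report keys are assumptions of this example.

```python
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# Constructed sample: Date and Set-Cookie from the thread, token replaced by a placeholder.
SAMPLE_DATE = "Tue, 24 Dec 2024 07:57:01 GMT"
SAMPLE_SET_COOKIE = ("dinky-token=EXAMPLE; Max-Age=36000; "
                     "Expires=Wed, 25 Dec 2024 01:57:01 +0800; Path=/")

# rfc1123-date / IMF-fixdate: the only Expires form RFC 6265 section 4.1.1 lets a server send.
IMF_FIXDATE = re.compile(
    r"(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} "
    r"(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} "
    r"\d{2}:\d{2}:\d{2} GMT"
)


def parse_attrs(set_cookie):
    """Return the cookie attributes (not the name=value pair), names lower-cased."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        name, _, value = part.strip().partition("=")
        attrs[name.lower()] = value.strip()
    return attrs


def audit_lifetime(set_cookie, date_header):
    """Lifetime in seconds under each reading of the header, relative to Date."""
    attrs = parse_attrs(set_cookie)
    now = parsedate_to_datetime(date_header)
    report = {"imf_fixdate": None, "max_age": None,
              "expires_zone_honoured": None, "expires_zone_ignored": None}
    if "max-age" in attrs:
        report["max_age"] = int(attrs["max-age"])
    if "expires" in attrs:
        raw = attrs["expires"]
        report["imf_fixdate"] = IMF_FIXDATE.fullmatch(raw) is not None
        parsed = parsedate_to_datetime(raw)
        honoured = parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)
        # RFC 6265 section 5.1.1 takes the date fields as UTC; the trailing zone token is skipped.
        ignored = parsed.replace(tzinfo=timezone.utc)
        report["expires_zone_honoured"] = int((honoured - now).total_seconds())
        report["expires_zone_ignored"] = int((ignored - now).total_seconds())
    # RFC 6265 section 5.3: Max-Age takes precedence over Expires when both are sent.
    report["effective"] = (report["max_age"] if report["max_age"] is not None
                           else report["expires_zone_ignored"])
    return report


if __name__ == "__main__":
    for key, value in audit_lifetime(SAMPLE_SET_COOKIE, SAMPLE_DATE).items():
        print(f"{key}: {value}")
```

For the sample header the two Expires readings differ by the 8-hour offset, so a client that applies Max-Age and one that falls back to Expires can disagree on when the session ends; sending Expires in GMT removes the ambiguity.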