Bug 215475 - pxt-session-cookie is set to expire in 2043
Summary: pxt-session-cookie is set to expire in 2043
Alias: None
Product: Red Hat Network
Classification: Red Hat
Component: RHN/Web Site   
(Show other bugs)
Version: rhn415
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Sebastian Skracic
QA Contact: Red Hat Network Quality Assurance
Whiteboard: US=3391
Depends On:
Blocks: rhn-sprint50
TreeView+ depends on / blocked
Reported: 2006-11-14 09:06 UTC by Josh Larios
Modified: 2010-09-13 16:05 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-09-13 16:05:02 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Josh Larios 2006-11-14 09:06:35 UTC
Description of problem:

I can use wget and lynx to log into RHN and retrieve
https://rhn.redhat.com/rhn/YourRhn.do, but not

I have traced this to an inability of lynx and wget to store cookies which
expire after Tue, 19-Jan-2038 03:14:07 GMT, aka gmtime(2**31-1). 

For some reason, the pxt-session-cookie cookie is set to expire well beyond that
date. In my test just now, it was set to expire on Sun, 27-Sep-2043 17:03:58 GMT. 

While this isn't necessarily a bug with RHN, exactly, it's the first time I've
seen a cookie set to expire beyond 2038. And given that it claims to be a
session cookie, which I'd expect to have a shorter lifetime than 36 years, it
seems odd.

Version-Release number of selected component (if applicable):

Red Hat Network release 4.1.5, as reported by rhn.redhat.com.

How reproducible:

Log into https://rhn.redhat.com/ with the LiveHTTPHeaders firefox extension
turned on and examine the Set-Cookie headers sent by the server.

Steps to Reproduce:
1. Download, install and enable LiveHTTPHeaders from
2. Log into https://rhn.redhat.com/rhn/YourRhn.do
3. Examine the Set-Cookie headers sent by the server.
Actual results:

An expiration date past 2038:

Set-Cookie: pxt-session-cookie=3013414990x86e8a634f140eb23457c66bde1907af5; Doma
in=rhn.redhat.com; Expires=Sun, 27-Sep-2043 17:03:58 GMT; Path=/; Secure

Expected results:

A more reasonable expiration date, such as this one:

Set-Cookie: rh_user=uwjdlarios|Joshua|customer|; Domain=.redhat.com; Expires=Wed
, 14-Nov-2007 08:01:59 GMT; Path=/

Additional info:

To reproduce using wget:

wget \
 -O hidden.txt \
 --keep-session-cookies \
 --save-cookies cookies.txt \

hidden=`grep _flowExecutionKey hidden.txt | perl -pe 's/.*value="([^"]+)".*/\1/'`

wget -S -dv \
 --post-data="username=[YOUR RHN USERNAME]&password=[YOUR RHN
PASSWORD]&_flowId=login-flow&_flowExecutionKey=$hidden&_eventId_submit=Log+In" \
 --keep-session-cookies \
 --load-cookies cookies.txt \
 --save-cookies cookies.txt \
%2Frhn.redhat.com%2Frhn%2FYourRhn.do" \

Verify that some cookies such as rh_sso, rh_user and rh_shared_auth have been
saved in cookies.txt, but pxt-session-cookie has not.

Comment 1 Josh Larios 2006-11-14 09:09:42 UTC
Nuts. Clearly some long lines were cut and wrapped inappropriately. It should be
clear which they are, though.

Comment 2 Red Hat Bugzilla 2007-04-12 01:43:31 UTC
User bnackash@redhat.com's account has been closed

Comment 5 Sebastian Skracic 2010-07-26 11:05:59 UTC
Fixed in 1f808c008457ffebd592c78e7cda86bd73bdbc85.

Comment 6 Grant Gainey 2010-07-26 22:00:47 UTC
Verified in WEBDEV

Comment 7 venkat 2010-08-27 20:06:53 UTC
verified in QA.

Note You need to log in before you can comment on or make changes to this bug.