Red Hat Bugzilla – Bug 215475
pxt-session-cookie is set to expire in 2043
Last modified: 2010-09-13 12:05:02 EDT
Description of problem: I can use wget and lynx to log into RHN and retrieve https://rhn.redhat.com/rhn/YourRhn.do, but not https://rhn.redhat.com/network/software/download_isos.pxt I have traced this to an inability of lynx and wget to store cookies which expire after Tue, 19-Jan-2038 03:14:07 GMT, aka gmtime(2**31-1). For some reason, the pxt-session-cookie cookie is set to expire well beyond that date. In my test just now, it was set to expire on Sun, 27-Sep-2043 17:03:58 GMT. While this isn't necessarily a bug with RHN, exactly, it's the first time I've seen a cookie set to expire beyond 2038. And given that it claims to be a session cookie, which I'd expect to have a shorter lifetime than 36 years, it seems odd. Version-Release number of selected component (if applicable): Red Hat Network release 4.1.5, as reported by rhn.redhat.com. How reproducible: Log into https://rhn.redhat.com/ with the LiveHTTPHeaders firefox extension turned on and examine the Set-Cookie headers sent by the server. Steps to Reproduce: 1. Download, install and enable LiveHTTPHeaders from http://livehttpheaders.mozdev.org/ 2. Log into https://rhn.redhat.com/rhn/YourRhn.do 3. Examine the Set-Cookie headers sent by the server. Actual results: An expiration date past 2038: Set-Cookie: pxt-session-cookie=3013414990x86e8a634f140eb23457c66bde1907af5; Doma in=rhn.redhat.com; Expires=Sun, 27-Sep-2043 17:03:58 GMT; Path=/; Secure Expected results: A more reasonable expiration date, such as this one: Set-Cookie: rh_user=uwjdlarios|Joshua|customer|; Domain=.redhat.com; Expires=Wed , 14-Nov-2007 08:01:59 GMT; Path=/ Additional info: To reproduce using wget: wget \ -O hidden.txt \ --keep-session-cookies \ --save-cookies cookies.txt \ https://www.redhat.com/wapps/sso/rhn/login.html?redirect=https%3A%2F%2Frhn.redh at.com%2Frhn%2FYourRhn.do hidden=`grep _flowExecutionKey hidden.txt | perl -pe 's/.*value="([^"]+)".*/\1/'` wget -S -dv \ --post-data="username=[YOUR RHN USERNAME]&password=[YOUR RHN PASSWORD]&_flowId=login-flow&_flowExecutionKey=$hidden&_eventId_submit=Log+In" \ --keep-session-cookies \ --load-cookies cookies.txt \ --save-cookies cookies.txt \ --referer="https://www.redhat.com/wapps/sso/rhn/login.html?redirect=https%3A%2F %2Frhn.redhat.com%2Frhn%2FYourRhn.do" \ https://www.redhat.com/wapps/sso/rhn/login.html?redirect=https%3A%2F%2Frhn.redha t.com%2Frhn%2FYourRhn.do Verify that some cookies such as rh_sso, rh_user and rh_shared_auth have been saved in cookies.txt, but pxt-session-cookie has not.
Nuts. Clearly some long lines were cut and wrapped inappropriately. It should be clear which they are, though.
User bnackash@redhat.com's account has been closed
Fixed in 1f808c008457ffebd592c78e7cda86bd73bdbc85.
Verified in WEBDEV
verified in QA.