Bug 9926 - Bugzilla cookies have Y2K bug ???
Summary: Bugzilla cookies have Y2K bug ???
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Bugzilla
Classification: Community
Component: Bugzilla General
Version: 2.1r
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-03-02 22:10 UTC by Riley H Williams
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2000-03-03 02:45:24 UTC
Embargoed:


Attachments (Terms of Use)

Description Riley H Williams 2000-03-02 22:10:45 UTC
Apparently, the bugzilla cookie generator is suffering from some form of
Y2K hangover, as all the cookies it's sending me are labelled as expiring
at "Thu Jan  1 01:00:01 1970" and, as a result, Linux Netscape promptly
expires them...

Comment 1 Riley H Williams 2000-03-02 22:11:59 UTC
Is this possibly the reason why it keeps asking for login and password, as so
many people have reported?

Comment 2 David Lawrence 2000-03-03 02:45:59 UTC
I am not able to reproduce this on a test machine. When logging in it will set
your cookies to

Fri Jun 29 20:10:50 2029

and if you click LogOut on the bottom the screen you will get the date that you
mentioned earlier but that is normal behaviour.

The other problems reported may be related to bug # 9598 and people should try
that to see if it solves there problem.

Comment 3 Keith Owens 2000-03-10 09:04:59 UTC
After removing all bugzilla cookies, I still get the problem where it says I am
not logged in.  Starting from an empty cookie file using Netscape 4.51, glibc
2.1, linux 2.2.14, ix86.  Bugzilla creates 3 cookies, Bugzilla_login,
Bugzilla_logincookie and Bugzilla_password.  The first two expire in 2029, the
third expires 1970!

Comment 4 David Lawrence 2000-03-10 15:54:59 UTC
The reason that the third is set to 1970 is on purpose. The older versions of
bugzilla that were around use to store the user's password int he cookies file
which ended up being a bad idea. So now the password is stored inthe database
and the Bugzilla_password is set to blank with an 1970 (automatically expiring)
date to clear out any old passwords people might have still lurking around.

Comment 5 Riley H Williams 2000-03-11 18:13:59 UTC
I've just checked, and the date it is setting for that third cookie as seen here
is...

     Jan 0 19:00:00 1970

Can I query that 0 for the day? I have to suspect that some sort of timezone
wrap problem is hitting here.

If you're using the 1st as the date, can I suggest you change it, and use
something that can wrap cleanly to at least bypass this problem. Setting it to
use Jan 15 12:00:00 1984 (for example) should still have the same result, but
prevents any wrap problems from occurring...


Note You need to log in before you can comment on or make changes to this bug.