
[Bug] [dinky-admin] The cookie time format is not compatible with Chrome standards

Open gnixuygnahz opened this issue 1 year ago • 4 comments

Search before asking

  • [X] I had searched in the issues and found no similar issues.

What happened

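In the response headers returned by the login endpoint, the time zone of the cookie expiration is set in +0800 format, whereas Chrome only accepts +0000, and the HTTP specification also stipulates that the time zone of the cookie expiration time must be +0000.

Although the default expiration duration is 10 hours, this problem causes my session to expire only 2 hours after each login.

Reference: https://zhuanlan.zhihu.com/p/454594393?utm_id=0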

What you expected to happen

The login endpoint's cookie information should return the time zone in the standard format, to be compatible with more browsers.

How to reproduce

Use the Chrome browser

Anything else

No response

Version

1.2.0

Are you willing to submit PR?

  • [ ] Yes I am willing to submit a PR!

Code of Conduct

gnixuygnahz avatar Dec 24 '24 03:12 gnixuygnahz

Hi~@gnixuygnahz Using the dinky-dev branch and Chrome 131.0.6778.205 (arm64), I logged in at 2024-12-24 16:57:01. As shown below, based on Max-Age, the cookie expire time is correctly set to 10 hours later, which is Wed, 25 Dec 2024 01:57:01 +0800 (although it uses the +0800 timezone, which is not HTTP standards-compliant). The issue of incorrect cookie expire time cannot be reproduced. Could you provide more details to reproduce this bug?

 access-control-allow-credentials:true
 access-control-allow-origin:http://localhost:8000
 access-control-expose-headers:dinky-token
 cache-control:no-cache, no-transform
 connection:close
 content-type:application/json
 date:Tue, 24 Dec 2024 07:57:01 GMT
 dinky-token:f403a5a1-f129-4b67-ac2c-8073de444f87
 set-cookie:dinky-token=f403a5a1-f129-4b67-ac2c-8073de444f87; Max-Age=36000; Expires=Wed, 25 Dec 2024 01:57:01 +0800; Path=/
 transfer-encoding:chunked
 vary:Origin, Access-Control-Request-Method, Access-Control-Request-Headers
 x-accel-buffering:noe
 x-powered-by:Express
 x-real-url:http://127.0.0.1:8888/api/login

MactavishCui avatar Dec 24 '24 08:12 MactavishCui
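An added example, not part of the thread or of Dinky's or Sa-Token's code: a check for the Set-Cookie header quoted in the comment above. It flags an Expires value that is not a GMT date, measures how far the expiry moves for a reader that drops the zone offset and takes the fields as UTC (which is what the RFC 6265 cookie-date parsing algorithm does), and emits the equivalent GMT value. The function names and the placeholder token are assumptions made for this example.

```python
from datetime import timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed input: the Set-Cookie value from this thread, token replaced by a placeholder.
SAMPLE = ("dinky-token=PLACEHOLDER; Max-Age=36000; "
          "Expires=Wed, 25 Dec 2024 01:57:01 +0800; Path=/")


def parse_attrs(set_cookie):
    """Return the cookie attributes as a dict with lowercase keys (name=value is skipped)."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        key, _, value = part.strip().partition("=")
        attrs[key.lower()] = value.strip()
    return attrs


def audit_expires(set_cookie):
    """Check the Expires attribute and report the skew a zone-ignoring reader would see."""
    attrs = parse_attrs(set_cookie)
    # RFC 6265: when both are present, Max-Age takes precedence over Expires.
    report = {"compliant": True, "skew_seconds": 0, "suggested": None,
              "max_age_present": "max-age" in attrs}
    raw = attrs.get("expires")
    if raw is None:
        return report
    try:
        intended = parsedate_to_datetime(raw)  # honours a numeric offset such as +0800
    except (TypeError, ValueError):
        report["compliant"] = False            # not a parseable date at all
        return report
    if intended.tzinfo is None:                # "-0000" parses as naive; treat as UTC
        intended = intended.replace(tzinfo=timezone.utc)
    # Same wall-clock fields read as UTC: what a reader that drops the offset concludes.
    zone_ignored = intended.replace(tzinfo=timezone.utc)
    report["compliant"] = raw.endswith(" GMT")
    report["skew_seconds"] = int((zone_ignored - intended).total_seconds())
    report["suggested"] = format_datetime(intended.astimezone(timezone.utc), usegmt=True)
    return report


if __name__ == "__main__":
    for key, value in audit_expires(SAMPLE).items():
        print(f"{key}: {value}")
```

A positive `skew_seconds` means the cookie would outlive the intended session lifetime for such a reader; with `Max-Age` present, a user agent that honours it is unaffected.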

@MactavishCui The version of the Chrome browser I am using is 105.0.5195.54. A possible reason could be that the version is outdated.

gnixuygnahz avatar Dec 25 '24 01:12 gnixuygnahz

> @MactavishCui The version of the Chrome browser I am using is 105.0.5195.54. A possible reason could be that the version is outdated.

@gnixuygnahz Thanks for your reply. Dinky's token control is based on Sa-Token. After reading the documentation of Sa-Token, I find that currently Sa-Token only supports the following configurations:

 domain: stp.com
 path: /
 secure: false
 httpOnly: true
 sameSite: Lax

In my opinion, that means a time zone configuration for cookies implemented only by Dinky may not be concise without Sa-Token configuration. Do you have any ideas about how to solve this problem?

Besides, maybe you could update Chrome to avoid this problem temporarily.

MactavishCui avatar Dec 25 '24 02:12 MactavishCui

Hello @, this issue has not been active for more than 30 days. This issue will be closed in 7 days if there is no response. If you have any questions, you can comment and reply.

Hello @, this issue has had no activity in the last 30 days and will be closed in 7 days. If you need to respond, you can reply in a comment.

github-actions[bot] avatar Mar 01 '25 00:03 github-actions[bot]