Fix validation issue for maxAge greater than 2^31 #11

manu-st · 2017-01-18T18:56:54Z

If you have a cookie with the maxAge to a value larger than 2^31 it causes the SQL queries updating the expiration date to not validate properly. Now we convert the duration in seconds before passing it to the query.

mcartoixa · 2017-01-25T12:42:30Z

Sorry for the delay.

So the value oneDay was also incorrect: thanks for fixing that. But if the maxAge of a cookie can be larger than 2^31ms, why can't it be larger than 2^31s too? Do you think you can find a way to fix the code in order to prevent overflows altogether?

manu-st · 2017-01-25T16:33:50Z

We would need to change the way the function dateadd is used so that we perform the add operation in two steps but I feel this will be too much. Before the fix, the maximum date age was just 24.8 days, now we have 68 years, so this is unlikely to be a problem in practice.

Fix validation issue for maxAge greater than 2^31

4c295b8

If you have a cookie with the maxAge to a value larger than 2^31 it causes the SQL queries updating the expiration date to not validate properly. Now we convert the duration in seconds before passing it to the query.

mcartoixa added a commit that referenced this pull request Aug 11, 2017

#11 maxAge is in milliseconds, and can be greater than an int

4f5d351

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix validation issue for maxAge greater than 2^31 #11

Fix validation issue for maxAge greater than 2^31 #11

manu-st commented Jan 18, 2017

mcartoixa commented Jan 25, 2017

manu-st commented Jan 25, 2017

Fix validation issue for maxAge greater than 2^31 #11

Are you sure you want to change the base?

Fix validation issue for maxAge greater than 2^31 #11

Conversation

manu-st commented Jan 18, 2017

mcartoixa commented Jan 25, 2017

manu-st commented Jan 25, 2017