Set-Cookie header not well-formed
Summary
The Set-Cookie
header for setting the experimentation_subject_id
cookie (or probably GitLab cookies in general) seems to bet not well-formed: RFC 2616 states that HTTP dates must have the GMT
constant string for the timezone, but -0000
is used.
Steps to reproduce
curl -v 'https://gitlab.com'
What is the current bug behavior?
Set-Cookie: experimentation_subject_id=xxx; domain=.gitlab.com; path=/; expires=Mon, 14 Nov 2039 11:00:00 -0000; secure; HttpOnly
What is the expected correct behavior?
Set-Cookie: experimentation_subject_id=xxx; domain=.gitlab.com; path=/; expires=Mon, 14 Nov 2039 11:00:00 GMT; secure; HttpOnly
Output of checks
curl -v 'https://gitlab.com' 2>&1 | grep 'Set-Cookie'
57:< Set-Cookie: experimentation_subject_id=xxx; domain=.gitlab.com; path=/; expires=Mon, 14 Nov 2039 11:00:00 -0000; secure; HttpOnly