Document for cookie expires annotation

[skeeey]

What this PR does / why we need it:
Document for cookie expires annotation

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Special notes for your reviewer:
/assign @ElvinEfendi

[ElvinEfendi]

Are you sure this is the correct expiry given the annotation is set to 172800? Isn’t the annotation value a Unix timestamp ?

[skeeey]

Sure, there is a screenshot from my test enviroment

[skeeey]

@ElvinEfendi Any more comments?

[ElvinEfendi]

@skeeey as you can see from your screenshot it is set to 03 January 1970 which is expected given the way you implemented the feature. However in the docs you say it will be 07 Nov 2018.

[skeeey]

@ElvinEfendi, for my screenshot, it is dev environment, I do not adjust the system time (the initial system time is 01 January 1970), so the result is 03 January 1970, but for document, I think, if user adjust his system time, it is more close to real world, Do you think we should keep the result as dev environment? if it is the expected, I can change this

[ElvinEfendi]

01 January 1970 is Unix epoch time, same in every Unix based system.

[aledbf]

@ElvinEfendi ping

[ElvinEfendi]

This is not an accurate description. This value is rather a date as UNIX timestamp that the cookie will expire on.

[skeeey]

change this to

|nginx.ingress.kubernetes.io/session-cookie-expires|The value is rather a date as UNIX timestamp that the cookie will expire on, it will correspond to cookie `Expires` directive|UNIX timestamp|

Do you think this is OK or not?

[ElvinEfendi]

Looks good with a slight adjustment to the description as following:

The value is a date as UNIX timestamp that the cookie will expire on, it corresponds to cookie Expires directive

[ElvinEfendi]

@skeeey I think there's a flaw in the implementation. Let's say as in your example we set session-cookie-expires to 172800. With that whenever you send a request it will always set Expires to 03 January 1970, whereas expected behaviour should be it sets the Expires to <UNIX timestamp at the time of request> + 172800 so that the cookie lasts for 2 days.

[skeeey]

@skeeey I think there's a flaw in the implementation. Let's say as in your example we set session-cookie-expires to 172800. With that whenever you send a request it will always set Expires to 03 January 1970, whereas expected behaviour should be it sets the Expires to <UNIX timestamp at the time of request> + 172800 so that the cookie lasts for 2 days.

@ElvinEfendi, you are right, I examine the current implementation, I think the implementation is right, I use ngx.cookie_time to format the session-cookie-expires,

if self.cookie_expires and self.cookie_expires ~= "" then
      cookie_data.expires = ngx.cookie_time(tonumber(self.cookie_expires))
end

so the behavior should be our expected, the problem is the document is wrong, so I plan to update the example to

nginx.ingress.kubernetes.io/session-cookie-expires: "1546912535"
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"

to distinguish the session-cookie-max-age

and this example will yield

Set-Cookie: INGRESSCOOKIE=a9907b79b248140b56bb13723f72b67697baac3d; Expires=Tue, 08-Jan-19 01:55:35 GMT; Max-Age=172800; Path=/; HttpOnly

Do you think this is OK or not?

[ElvinEfendi]

  cookie_data.expires = ngx.cookie_time(tonumber(self.cookie_expires))

@skeeey the problem is here, it should look like this:

      cookie_data.expires = ngx.cookie_time(ngx.time() + tonumber(self.cookie_expires))

otherwise as I explained at #3363 (comment) everyone is going to get same Expires value in their cookie whenver (today, tomorrow, after week etc.) they get the cookie.

[skeeey]

@ElvinEfendi, I am confused by timestamp :), yes, I should add it, I correct the code and document, please see the new code diff, thanks

BTW, the current example date is Date: Fri, 10 Feb 2017 14:11:12 GMT, so if the session-cookie-expires is 172800, it should be Sun, 12-Feb-17 14:11:12 GMT

[skeeey]

@ElvinEfendi, the CI test failed, would you have a look? because I can run the test in my environment successfully

[ElvinEfendi]

This is going to be flaky. Imagine you send the request at the very end of a second and by the time this code is being evaluated next second starts. Then the assertion below won't succeed because actual datetime will have second n, whereas expected will have n+1

I suggest you drop seconds from the format and leave only minute granularity.

[ElvinEfendi]

@skeeey this is looking good now. Once you address https://github.com/kubernetes/ingress-nginx/pull/3363/files#r246778598 please squash your commits.

[aledbf]

/check-cla

[aledbf]

@ElvinEfendi ping (last PR to be included in 0.22)

[ElvinEfendi]

This is not accurate now that we made this annotation to accept number of seconds as well (it gets appended to current time to generate date for Expires attribute)

[ElvinEfendi]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ElvinEfendi, skeeey

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ElvinEfendi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment