From 1b2a52d214d92f543c9e0651f56c3292b23655a5 Mon Sep 17 00:00:00 2001
From: Xavier Del Campo Romero <xavi92@disroot.org>
Date: Thu, 12 Feb 2026 15:55:13 +0100
Subject: Add optional expiration date to http_cookie_create

So far, libweb had been arbitrarily appending a 1-year expiration date
to all HTTP cookies. While good enough for some contexts, libweb should
allow users to set up their own, if any, so this arbitary decision has
been eventually removed.
---
 http.c | 36 +++++++++++++-----------------------
 1 file changed, 13 insertions(+), 23 deletions(-)

(limited to 'http.c')

diff --git a/http.c b/http.c
index 806171d..098912b 100644
--- a/http.c
+++ b/http.c
@@ -2748,29 +2748,11 @@ failure:
     return ret;
 }
 
-static int append_expire(struct dynstr *const d)
+static int append_expire(struct dynstr *const d, const struct tm *const exp)
 {
-    time_t t = time(NULL);
-
-    if (t == (time_t)-1)
-    {
-        fprintf(stderr, "%s: time(3): %s\n", __func__, strerror(errno));
-        return -1;
-    }
-
-    t += 365 * 24 * 60 * 60;
-
-    struct tm tm;
-
-    if (!localtime_r(&t, &tm))
-    {
-        fprintf(stderr, "%s: localtime_r(3): %s\n", __func__, strerror(errno));
-        return -1;
-    }
-
     char s[sizeof "Thu, 01 Jan 1970 00:00:00 GMT"];
 
-    if (!strftime(s, sizeof s, "%a, %d %b %Y %H:%M:%S GMT", &tm))
+    if (!strftime(s, sizeof s, "%a, %d %b %Y %H:%M:%S GMT", exp))
     {
         fprintf(stderr, "%s: strftime(3) failed\n", __func__);
         return -1;
@@ -2784,15 +2766,23 @@ static int append_expire(struct dynstr *const d)
     return 0;
 }
 
-char *http_cookie_create(const char *const key, const char *const value)
+char *http_cookie_create(const char *const key, const char *const value,
+    const struct tm *const exp)
 {
     struct dynstr d;
 
     dynstr_init(&d);
 
-    if (dynstr_append(&d, "%s=%s; HttpOnly; SameSite=Strict", key, value)
-        || append_expire(&d))
+    if (dynstr_append(&d, "%s=%s; HttpOnly; SameSite=Strict", key, value))
+    {
+        fprintf(stderr, "%s: dynstr_append failed\n", __func__);
         goto failure;
+    }
+    else if (exp && append_expire(&d, exp))
+    {
+        fprintf(stderr, "%s: append_expire failed\n", __func__);
+        goto failure;
+    }
 
     return d.str;
 
-- 
cgit v1.2.3