CCBill code to set cookies is malformed

I just discovered the HTTP header code CCBill uses to set affiliate cookies is malformed. Here’s an example:

Set-Cookie: 917833=CLICKS2xxWAEVsmOZT6t8ryDiItk8ZwBtWHLb2R5!PX0ImB^PNcIncgl893aYl1grn182U*; expires=? 16-Feb-21 08:02:57 GMT; path=/; domain=.ccbill.com

Notice the ? and space after “expires=” – that’s not supposed to be there. I’m guessing they meant for it to be something like “expires=Tue 16-Feb-21”, but the day of the week is showing as a question mark. (It’s optional/redundant, so doesn’t need to be there at all).

Since some CCBill sales are still being credited, I’m guessing some browsers can figure out what they meant. But others probably can’t, or they reduce the cookie to a session cookie that goes away after the browser is closed which is bad for affiliates.

If you want to complain about this, their affiliate support email is [email protected]

If you contact them it’s probably a good idea to check to make sure it’s happening to links you use. You can do that here: http://www.rexswain.com/httpview.html Make sure you tell it NOT to follow links – you just need to see the headers for the initial response.