Cfcookie using UTC not GMC in 5.3

We have recently updated to Lucee cfcookie is using UTC instead of GMT which breaks inter-operability with the .net HttpWebRequest.CookieContainer.

I have seen a discussion with MS engineers (circa 2018) where they discussed accepting UTC as well as GMT in Expires etc but they were of the opinion that somewhere the RFC’s are explicit in that only GMT is acceptable.

I looked through RFC 7234 and 6265 and didn’t see any specific notation to the effect that UTC wasn’t acceptable though all examples are given in GMT. They had referenced an older RFC as definitive but I’ve been unable find the conversation again. I don’t know if this should be considered a bug or just something for people to be aware of.


Did you update from an earlier version of Lucee that used GMT? Or have you updated from another engine? For example ACF.

Lucee 5.1 was using GMT as was the 4.* releases.