what's the deal with Cookie.setMaxAge(Integer.MAX_VALUE)?
Solution 1
Problem is described in http://www-01.ibm.com/support/docview.wss?uid=swg1PM34869. Cause is a kind of millenium problem: WAS7 writes cookies date as YY, WAS6 as YYYY
Solution 2
instead of setting the max age for a cookie, this setMaxAge method adds the int parameter seconds to the current SERVER date/time and puts this new date/time value to a cookie as its expiration time. Later, when this cookie is sent to the browser, this expiration date is compared to the CLIENT date/time, and cookie gets expired if its expiration date is in past.
so instead of using setMaxAge(int) use method with the date and time.
Oleg Mikheev
Java professional with over 15 years of experience and financial applications background.
Updated on June 05, 2022Comments
-
Oleg Mikheev almost 2 years
setMaxAge is supposed to control the maximum age of a cookie, so if my intention is to literally set the maximum age possible the logical thing would be doing:
cookie.setMaxAge(Integer.MAX_VALUE);
However this results in no
Expires
in cookie HTTP header at all, I'm testing it on a WebSphere 7. Setting it to something like 1 year measured in seconds works fine.Why is that happening?
PS Have just tested on Tomcat7 - Integer.MAX_VALUE results in
Max-Age=2147483647; Expires=Wed, 06-Mar-2080 21:30:32 GMT
, so it must be something wrong with WebSphere. -
Edd almost 8 yearsDo you realise that you have copied and pasted text from an article written by @Oleg in order to answer the question he asked? javaworld.com/article/2073096/don-t-trust-cookie-setmaxage.html