6

setMaxAge is supposed to control the maximum age of a cookie, so if my intention is to literally set the maximum age possible the logical thing would be doing:

cookie.setMaxAge(Integer.MAX_VALUE);

However this results in no Expires in cookie HTTP header at all, I'm testing it on a WebSphere 7. Setting it to something like 1 year measured in seconds works fine.

Why is that happening?

PS Have just tested on Tomcat7 - Integer.MAX_VALUE results in Max-Age=2147483647; Expires=Wed, 06-Mar-2080 21:30:32 GMT, so it must be something wrong with WebSphere.

Oleg Mikheev
  • 17,186
  • 14
  • 73
  • 95
  • http://www.javaworld.com/community/node/3673 – AllTooSir Feb 17 '12 at 16:12
  • Yes, that's my article. But there's nothing about Integer.MAX_VALUE in it. – Oleg Mikheev Feb 17 '12 at 17:58
  • Quick test, worked as you were expecting on WebSphere 6.1. I don't have a WebSphere 7 environment on which to test. Did you test other expiration values? – dbreaux Feb 17 '12 at 21:12
  • I just ran a quick test on WAS 7 and found the same thing that you did. Cookies with other max ages are created as expected, but not for cookies with the max age set to Integer.MAX_VALUE or other large values. (I tried some arbitrary large values - 1500000000 worked but 2000000000 did not.) – shelley Feb 17 '12 at 23:49
  • So this must be a bug in WAS 7. Anyone wants to report to IBM? will be glad to accept an answer which says APAR is being produced. – Oleg Mikheev Feb 20 '12 at 13:51

2 Answers2

3

Problem is described in http://www-01.ibm.com/support/docview.wss?uid=swg1PM34869. Cause is a kind of millenium problem: WAS7 writes cookies date as YY, WAS6 as YYYY

Gerrit van Brakel
  • 46
  • 2
2

instead of setting the max age for a cookie, this setMaxAge method adds the int parameter seconds to the current SERVER date/time and puts this new date/time value to a cookie as its expiration time. Later, when this cookie is sent to the browser, this expiration date is compared to the CLIENT date/time, and cookie gets expired if its expiration date is in past.

so instead of using setMaxAge(int) use method with the date and time.

Rajkumar Singh
  • 1,557
  • 12
  • 5
  • 2
    Do you realise that you have copied and pasted text from an article written by @Oleg in order to answer the question he asked? http://www.javaworld.com/article/2073096/don-t-trust-cookie-setmaxage.html – Edd Jun 16 '16 at 16:43