richardtz

Reputation: 4993

cookie.setMaxAge strange behaviour

I work in a jsp based website that needs cookies enabled in order to navigate it (It is an internal site, it will not be exposed to the internet).

The first visit of a user will return a 302 to the same url that was requested, and set a cookie for an hour.

I am using Cookie.setMaxAge(60*60); to set the expiry date.

I am having a really weird behaviour with some versions of some browsers where they keep redirecting forever. (Some work, some don't work).

After a lot of investigation, we've discovered that the time on the server is not set correctly: it is set two and a half hours in the past, with the result that the cookie may have "expired" as soon as it is set. (Here's my doubt.)

Unfortunately this is a production server and I cannot change it easily (it's being requested but it will take some time).

Just to confirm this was the issue, I changed the time of a client machine to two hours and a half in the past and it started to work fine in that machine.

My questions are :

  1. What information is sent to the browser (regarding the cookie expiry date)? Is it an absolute date or is it relative to the current time?
  2. Does the browser send expired cookies along with the expiry date, or does the browser just not send them if they are expired? (I think it is the second option.)
  3. As I had trouble with some browsers and it worked with others, I don't know exactly where the problem is: in the appserver or in the browser?

[EDIT]

After reading RFC 6265 as Arham suggested, the expiry date can be set by the server as absolute or relative. In case both are present, relative takes precedence. The appserver I am using is setting the cookie with the absolute value (which is probably wrong), so I don't understand how it is working on some browsers.

[/EDIT]

Thanks in advance.

Upvotes: 0

Views: 2254

Answers (2)

r0ast3d

Reputation: 2635

How about javascript cookies?

http://www.w3schools.com/js/js_cookies.asp

Upvotes: 1

Arham

Reputation: 2102

  1. As per RFC 1123, the date is specified in the form of “Wdy, DD Mon YYYY HH:MM:SS GMT”.
  2. As per RFC 6265, the cookie’s expiration is relative to the time the browser received the cookie.
  3. The browser deletes the cookie once it's expired, hence it can't send the same cookie to the server.

Upvotes: 2
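The clock-skew failure discussed in this thread can be reproduced offline. The following is an added example, not code from any poster or from the appserver: it models a user agent that follows the RFC 6265 rule (Max-Age takes precedence over Expires) and compares an Expires-only cookie with a Max-Age cookie when the server clock is two and a half hours behind. The cookie name `sid=abc`, the client time and all function names are constructed for the illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

SKEW = timedelta(hours=2, minutes=30)  # server clock is this far behind (from the question)
LIFETIME = 60 * 60                     # the value passed to Cookie.setMaxAge

def set_cookie(server_now, use_max_age):
    """Build a Set-Cookie value from the server's own (possibly wrong) clock."""
    if use_max_age:
        return f"sid=abc; Max-Age={LIFETIME}; Path=/"
    expires = server_now + timedelta(seconds=LIFETIME)
    # RFC 1123 form: "Wdy, DD Mon YYYY HH:MM:SS GMT"
    return f"sid=abc; Expires={format_datetime(expires, usegmt=True)}; Path=/"

def expiry_time(header, client_now):
    """User-agent side: Max-Age wins over Expires; neither means a session cookie."""
    attrs = {}
    for part in header.split(";")[1:]:
        name, _, value = part.strip().partition("=")
        attrs[name.lower()] = value
    if "max-age" in attrs:
        # Relative: counted from the moment the client receives the cookie.
        return client_now + timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        # Absolute: only correct if server and client clocks agree.
        return parsedate_to_datetime(attrs["expires"])
    return None

def is_sent_back(header, client_now):
    """The cookie is returned on the next request only while it is unexpired."""
    expiry = expiry_time(header, client_now)
    return expiry is None or expiry > client_now

def simulate(use_max_age, client_now):
    """One first visit: the server sets the cookie, the client decides to keep it."""
    header = set_cookie(client_now - SKEW, use_max_age)
    return header, is_sent_back(header, client_now)

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed client time
    for use_max_age in (False, True):
        header, sent = simulate(use_max_age, now)
        print(f"{header}\n  sent on the request after the 302: {sent}")
```

With Expires only, the cookie is already 90 minutes stale when it arrives, so the redirected request carries no cookie and the server issues the 302 again.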
