CODEWITHSUNDEEP
httpgocookiesexpires-headermax-age
SabuhiGurbani
SabuhiGurbani

Reputation: 121

Golang Cookie Max-Age vs Expire

What is differencies between Expires and Max-Age in Cookie struct ? I cannot understand.

type Cookie struct {
    Name  string
    Value string

    Path       string    // optional
    Domain     string    // optional
    Expires    time.Time // optional
    RawExpires string    // for reading cookies only

    // MaxAge=0 means no 'Max-Age' attribute specified.
    // MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
    // MaxAge>0 means Max-Age attribute present and given in seconds
    MaxAge   int
    Secure   bool
    HttpOnly bool
    SameSite SameSite
    Raw      string
    Unparsed []string // Raw text of unparsed attribute-value pairs
}

Upvotes: 8

Views: 11083

Answers (1)

Dylan Reimerink
Dylan Reimerink

Reputation: 7958

They are actually different fields of the Set-Cookie header, not specific to Go.

From the Mozilla docs:

Expires

Indicates the maximum lifetime of the cookie as an HTTP-date timestamp. See Date for the required formatting.

If unspecified, the cookie becomes a session cookie. A session finishes when the client shuts down, after which the session cookie is removed.

Warning: Many web browsers have a session restore feature that will save all tabs and restore them the next time the browser is used. Session cookies will also be restored, as if the browser was never closed.

When an Expires date is set, the deadline is relative to the client the cookie is being set on, not the server.

Max-Age

Indicates the number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately. If both Expires and Max-Age are set, Max-Age has precedence.

Upvotes: 19

Related Questions