Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-3537

Cookie “Expires” attribute points to a date in the past when Max-Age == 30 days

    XMLWordPrintable

    Details

    • Steps to Reproduce:
      Hide

      Set a cookie for 30 days, check Set-Cookie header and its Expires attribute in browser.

      Show
      Set a cookie for 30 days, check Set-Cookie header and its Expires attribute in browser.
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      As I wrote in my thread on stackoverflow there's a workaround for this issue. Cookie header must be constructed manually in the following way:

      protected void set(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request)
      {
      // ServletActionContext.getResponse().addCookie(newInstance(name, value, maximumAgeInSeconds, request));
      ServletActionContext.getResponse().addHeader("Set-Cookie", cookieValue(name, value, maximumAge, request));
      }
      protected static String cookieValue(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request)
      {
      final SimpleDateFormat cookieExpiresHeaderFormat = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss zzz");
      cookieExpiresHeaderFormat.setTimeZone(new SimpleTimeZone(0, "GMT"));
      final Date d = new Date();
      d.setTime(d.getTime() + maximumAgeInSeconds * 1000L);
      final String cookieLifeTime = cookieExpiresHeaderFormat.format(d);
      return name + "=" + value + "; Expires=" + cookieLifeTime + "; Max-Age=" + maximumAge + "; Path=" + request.getContextPath();
      }

      Show
      As I wrote in my thread on stackoverflow there's a workaround for this issue. Cookie header must be constructed manually in the following way: protected void set(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request) { // ServletActionContext.getResponse().addCookie(newInstance(name, value, maximumAgeInSeconds, request)); ServletActionContext.getResponse().addHeader("Set-Cookie", cookieValue(name, value, maximumAge, request)); } protected static String cookieValue(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request) { final SimpleDateFormat cookieExpiresHeaderFormat = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss zzz"); cookieExpiresHeaderFormat.setTimeZone(new SimpleTimeZone(0, "GMT")); final Date d = new Date(); d.setTime(d.getTime() + maximumAgeInSeconds * 1000L); final String cookieLifeTime = cookieExpiresHeaderFormat.format(d); return name + "=" + value + "; Expires=" + cookieLifeTime + "; Max-Age=" + maximumAge + "; Path=" + request.getContextPath(); }

      Description

      I've documented that here:
      http://stackoverflow.com/questions/24351257/expires-attribute-points-to-a-date-in-the-past

      and answered myself.

      The problem came out after upgrading (from Jboss 7) to Wildfly. It's not possible to set a cookie for more than MaxInt (in miliseconds) time for IE browsers which does not support Max-Age but rely on "Expires" attribute, which in this case is calculated wrong.

        Attachments

          Activity

            People

            Assignee:
            swd847 Stuart Douglas
            Reporter:
            anubis.thegreat Anubis TheGreat (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: