Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-3537

Cookie “Expires” attribute points to a date in the past when Max-Age == 30 days

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 8.0.0.Final
    • Fix Version/s: 9.0.0.Alpha1
    • Component/s: Web (Undertow)
    • Labels:
      None
    • Environment:

      XUbuntu 14.01

    • Steps to Reproduce:
      Hide

      Set a cookie for 30 days, check Set-Cookie header and its Expires attribute in browser.

      Show
      Set a cookie for 30 days, check Set-Cookie header and its Expires attribute in browser.
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      As I wrote in my thread on stackoverflow there's a workaround for this issue. Cookie header must be constructed manually in the following way:

      protected void set(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request)

      { // ServletActionContext.getResponse().addCookie(newInstance(name, value, maximumAgeInSeconds, request)); ServletActionContext.getResponse().addHeader("Set-Cookie", cookieValue(name, value, maximumAge, request)); }

      protected static String cookieValue(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request)

      { final SimpleDateFormat cookieExpiresHeaderFormat = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss zzz"); cookieExpiresHeaderFormat.setTimeZone(new SimpleTimeZone(0, "GMT")); final Date d = new Date(); d.setTime(d.getTime() + maximumAgeInSeconds * 1000L); final String cookieLifeTime = cookieExpiresHeaderFormat.format(d); return name + "=" + value + "; Expires=" + cookieLifeTime + "; Max-Age=" + maximumAge + "; Path=" + request.getContextPath(); }
      Show
      As I wrote in my thread on stackoverflow there's a workaround for this issue. Cookie header must be constructed manually in the following way: protected void set(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request) { // ServletActionContext.getResponse().addCookie(newInstance(name, value, maximumAgeInSeconds, request)); ServletActionContext.getResponse().addHeader("Set-Cookie", cookieValue(name, value, maximumAge, request)); } protected static String cookieValue(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request) { final SimpleDateFormat cookieExpiresHeaderFormat = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss zzz"); cookieExpiresHeaderFormat.setTimeZone(new SimpleTimeZone(0, "GMT")); final Date d = new Date(); d.setTime(d.getTime() + maximumAgeInSeconds * 1000L); final String cookieLifeTime = cookieExpiresHeaderFormat.format(d); return name + "=" + value + "; Expires=" + cookieLifeTime + "; Max-Age=" + maximumAge + "; Path=" + request.getContextPath(); }

      Description

      I've documented that here:
      http://stackoverflow.com/questions/24351257/expires-attribute-points-to-a-date-in-the-past

      and answered myself.

      The problem came out after upgrading (from Jboss 7) to Wildfly. It's not possible to set a cookie for more than MaxInt (in miliseconds) time for IE browsers which does not support Max-Age but rely on "Expires" attribute, which in this case is calculated wrong.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                swd847 Stuart Douglas
                Reporter:
                anubis.thegreat Anubis TheGreat
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: