  1. WildFly
  2. WFLY-3537

Cookie “Expires” attribute points to a date in the past when Max-Age == 30 days

Details

    • Bug
    • Resolution: Done
    • Major
    • 9.0.0.Alpha1
    • 8.0.0.Final
    • Web (Undertow)
    • None
    • Set a cookie for 30 days, check the Set-Cookie header and its Expires attribute in the browser.
    • Workaround Exists

      As I wrote in my thread on Stack Overflow, there's a workaround for this issue. The cookie header must be constructed manually in the following way:

      import java.text.SimpleDateFormat;
      import java.util.Date;
      import java.util.Locale;
      import java.util.SimpleTimeZone;
      import javax.servlet.http.HttpServletRequest;
      import org.apache.struts2.ServletActionContext;

      protected void set(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request)
      {
          // Previously: ServletActionContext.getResponse().addCookie(newInstance(name, value, maximumAgeInSeconds, request));
          ServletActionContext.getResponse().addHeader("Set-Cookie", cookieValue(name, value, maximumAgeInSeconds, request));
      }

      // name and value are concatenated verbatim, so they must already be valid cookie tokens.
      protected static String cookieValue(final String name, final String value, final long maximumAgeInSeconds, final HttpServletRequest request)
      {
          // Locale.US keeps day and month names in English regardless of the server's default locale.
          final SimpleDateFormat cookieExpiresHeaderFormat = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss zzz", Locale.US);
          cookieExpiresHeaderFormat.setTimeZone(new SimpleTimeZone(0, "GMT"));
          final Date d = new Date();
          // The multiplication is done in long, so 30 days in milliseconds does not overflow.
          d.setTime(d.getTime() + maximumAgeInSeconds * 1000L);
          final String cookieLifeTime = cookieExpiresHeaderFormat.format(d);
          return name + "=" + value + "; Expires=" + cookieLifeTime + "; Max-Age=" + maximumAgeInSeconds + "; Path=" + request.getContextPath();
      }

    Description

      I've documented that here:
      http://stackoverflow.com/questions/24351257/expires-attribute-points-to-a-date-in-the-past

      and answered myself.

      The problem came out after upgrading (from JBoss 7) to WildFly. It's not possible to set a cookie for more than MaxInt (in milliseconds) time for IE browsers, which do not support Max-Age but rely on the "Expires" attribute, which in this case is calculated wrong.
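
The overflow the description points to, shown as an added example (not WildFly or Undertow source, and not the reporter's code). It assumes the faulty path converted Max-Age from seconds to milliseconds in 32-bit int arithmetic, which wraps once Max-Age exceeds Integer.MAX_VALUE / 1000 = 2,147,483 seconds (about 24.8 days). The class name, method names, sample cookie and sample time are hypothetical; consistent() is a regression check that compares Expires against now + Max-Age.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CookieExpiresCheck {
    // Same date pattern the workaround on this page uses for Expires.
    static final DateTimeFormatter EXPIRES =
        DateTimeFormatter.ofPattern("EEE, dd-MMM-yyyy HH:mm:ss 'GMT'", Locale.US).withZone(ZoneOffset.UTC);

    // Assumed faulty form: int * int wraps before the result is widened to long.
    static Instant expiresIntMath(Instant now, int maxAgeSeconds) {
        return now.plusMillis(maxAgeSeconds * 1000);
    }

    // Corrected form: the 1000L literal widens the multiplication to long.
    static Instant expiresLongMath(Instant now, int maxAgeSeconds) {
        return now.plusMillis(maxAgeSeconds * 1000L);
    }

    static String header(String name, String value, int maxAge, Instant expires) {
        return name + "=" + value + "; Expires=" + EXPIRES.format(expires) + "; Max-Age=" + maxAge;
    }

    // Regression check: Expires must equal now + Max-Age within a small tolerance.
    static boolean consistent(String setCookie, Instant now, long toleranceSeconds) {
        Matcher e = Pattern.compile("(?i);\\s*Expires=([^;]+)").matcher(setCookie);
        Matcher m = Pattern.compile("(?i);\\s*Max-Age=(-?\\d+)").matcher(setCookie);
        if (!e.find() || !m.find()) return false;
        Instant expires = ZonedDateTime.parse(e.group(1).trim(), EXPIRES).toInstant();
        Instant expected = now.plusSeconds(Long.parseLong(m.group(1)));
        return Duration.between(expected, expires).abs().getSeconds() <= toleranceSeconds;
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2014-06-23T12:00:00Z"); // constructed sample time
        int thirtyDays = 30 * 24 * 60 * 60;                  // 2,592,000 s, above the wrap point
        String bad = header("sample", "v", thirtyDays, expiresIntMath(now, thirtyDays));
        String good = header("sample", "v", thirtyDays, expiresLongMath(now, thirtyDays));
        System.out.println(bad + " -> consistent=" + consistent(bad, now, 2));
        System.out.println(good + " -> consistent=" + consistent(good, now, 2));
    }
}
```

With int arithmetic, 2,592,000 * 1000 wraps to a negative millisecond offset, so the first header carries an Expires date before the sample time and fails the check, while the long form lands 30 days ahead and passes.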

          People

            sdouglas1@redhat.com Stuart Douglas
            anubis.thegreat Anubis TheGreat (Inactive)