Bug
Resolution: Fixed
P4
8
b134
Verified
HttpCookie.setMaxAge() accepts arbitrary negative value (which means Max-Age is unspecified), yet the rest of the code only checks maxAge==-1 to see if it's unspecified. That seems inconsistent. For example:
cookie.setMaxAge(-2); // Max-Age unspecified
cookie.hasExpired(); // return true
Shouldn't the code check maxAge<0 to see if it's unspecified?
Also, there seems to be another problem: in HttpCookie.parse(header), if the header contains an "expires" attribute in the past, for example:
Set-Cookie: n=v; expires=Thu, 01 Jan 1970 00:00:00 GMT
maxAge will be set to a negative value (i.e. unspecified) per
cookie.setMaxAge(cookie.expiryDate2DeltaSeconds(attrValue));
I think it's probably better to set maxAge=0 in this case, meaning it is specified to be immediately expired.
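A probe for the two cases in the report, added here as an example (not code from the JDK or from the reporter): it runs both against the running JDK's `java.net.HttpCookie` and labels which behaviour it sees. The class and method names are made up for this example.

```java
import java.net.HttpCookie;
import java.util.List;

/** Probe for the two behaviours described in the report. Names are hypothetical. */
public class CookieMaxAgeProbe {

    /** Case 1: set a negative Max-Age and ask whether the cookie reports as expired. */
    static boolean negativeMaxAgeTreatedAsExpired(long negativeMaxAge) {
        HttpCookie cookie = new HttpCookie("n", "v");
        cookie.setMaxAge(negativeMaxAge);
        return cookie.hasExpired();
    }

    /** Case 2: parse an "expires" date in the past and return the derived Max-Age. */
    static long maxAgeFromPastExpires() {
        // Header taken verbatim from the report.
        List<HttpCookie> cookies =
            HttpCookie.parse("Set-Cookie: n=v; expires=Thu, 01 Jan 1970 00:00:00 GMT");
        return cookies.get(0).getMaxAge();
    }

    public static void main(String[] args) {
        System.out.println("java.version = " + System.getProperty("java.version"));

        // -1 is the documented "unspecified" value; the others are arbitrary negatives.
        for (long maxAge : new long[] {-1, -2, Long.MIN_VALUE}) {
            boolean expired = negativeMaxAgeTreatedAsExpired(maxAge);
            System.out.printf("setMaxAge(%d): hasExpired() = %b -> %s%n", maxAge, expired,
                expired ? "inconsistent (reported behaviour)" : "treated as unspecified");
        }

        long parsed = maxAgeFromPastExpires();
        String verdict;
        if (parsed == 0) {
            verdict = "specified, expires immediately (what the report proposes)";
        } else if (parsed < 0) {
            verdict = "negative, i.e. unspecified (reported behaviour)";
        } else {
            verdict = "positive, unexpected for a date in the past";
        }
        System.out.printf("past expires: getMaxAge() = %d -> %s%n", parsed, verdict);
    }
}
```

The second case matters for clients that keep their own cookie store: a server typically clears a cookie by sending an `expires` date in the past, so a parser that records that as "unspecified" leaves the decision to whatever the store does with unspecified lifetimes.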