Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8005068

HttpCookie does not correctly handle negative maxAge values

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P4 P4
    • 9
    • 8
    • core-libs
    • b134
    • Verified

      HttpCookie.setMaxAge() accepts arbitrary negative value (which means Max-Age is unspecified), yet the rest of the code only checks maxAge==-1 to see if it's unspecified. That seems inconsistent. For example:

           cookie.setMaxAge(-2); // Max-Age unspecified
           cookie.hasExpired(); // return true

      Shouldn't the code checks maxAge<0 to see if it's unspecified?

      Also, there seems to be another problem: in HttpCookie.parse(header), if the header contains an "expires" attribute in the past, for example:

          Set-Cookie: n=v; expires=Thu, 01 Jan 1970 00:00:00 GMT
        
         maxAge will be set to a negative value (i.e. unspecified) per

         cookie.setMaxAge(cookie.expiryDate2DeltaSeconds(attrValue));

      I think it's probably better to set maxAge=0 in this case, meaning it is specified to be immediately expired.

            snikandrova Svetlana Nikandrova (Inactive)
            chegar Chris Hegarty
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: