
What is the difference between cookies maxAge and expiry

I'm on NodeJS, in an Express app, and I am using cookies for some features of my app. I need to set the cookie life to one month.

For this very purpose I've set the cookie maxAge to days*hoursPerDay*minutesPerHour*secondsPerMinute*1000 to achieve one month: 30*24*60*60*1000 = 2592000000.

Yet in the browser the expiry of my cookies is near 10 hours.

What am I missing? Are my calculations wrong, or am I using the wrong attribute (maxAge)?

Also, what is the difference between the maxAge and expiry attributes of cookies?

KKK asked Apr 21 '14 12:04


1 Answer

As far as I know, maxAge won't be saved in the cookie's specifications.
As "Don't trust Cookie setMaxAge" demonstrated, the mechanism of maxAge works like changing/manipulating the expiration date of the cookie (based on SERVER_SIDE), but the browser checks the cookie's expiration date based on CLIENT_SIDE.
From my point of view, this is misbehavior, because in order to make max-age work as expected, both client and server DateTime should be synchronized.

Rzassar answered Sep 28 '22 03:09
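Added example, not part of the original question or answer: a small model of the Set-Cookie header for the 30-day cookie from the question, showing how a client derives the lifetime from Max-Age (relative, in seconds) versus Expires (absolute, compared against the client clock). The function names, the fixed timestamps and the two-hour clock skew are constructed for illustration; the header builder mirrors how Express's res.cookie() turns a maxAge in milliseconds into both attributes.

```javascript
const MONTH_MS = 30 * 24 * 60 * 60 * 1000; // 2592000000, the value from the question

// Constructed sample clocks: the client runs two hours ahead of the server.
const SERVER_NOW = Date.UTC(2014, 3, 21, 12, 0, 0);
const CLIENT_NOW = SERVER_NOW + 2 * 60 * 60 * 1000;

// Emit both attributes: Max-Age in seconds, Expires as an absolute date
// computed from the server's clock.
function buildSetCookie(name, value, maxAgeMs, serverNow) {
  const expires = new Date(serverNow + maxAgeMs).toUTCString();
  const maxAgeSec = Math.floor(maxAgeMs / 1000);
  return `${name}=${encodeURIComponent(value)}; Max-Age=${maxAgeSec}; Expires=${expires}`;
}

// Split the attributes after the name=value pair into a lower-cased map.
function parseAttributes(header) {
  const attrs = {};
  for (const part of header.split(';').slice(1)) {
    const idx = part.indexOf('=');
    if (idx === -1) continue; // flag attributes such as Secure carry no value
    attrs[part.slice(0, idx).trim().toLowerCase()] = part.slice(idx + 1).trim();
  }
  return attrs;
}

// Lifetime as the client sees it, in milliseconds (null = session cookie).
// Per RFC 6265, Max-Age takes precedence over Expires when both are present.
// supportsMaxAge=false models a client that ignores Max-Age (assumption).
function clientLifetimeMs(header, clientNow, supportsMaxAge = true) {
  const attrs = parseAttributes(header);
  if (supportsMaxAge && /^-?\d+$/.test(attrs['max-age'] || '')) {
    // Relative to the moment of receipt, so clock skew does not matter.
    // Zero or negative means the cookie expires immediately.
    return Number(attrs['max-age']) * 1000;
  }
  if (attrs.expires) {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) return t - clientNow; // depends on the client clock
  }
  return null;
}

const header = buildSetCookie('sid', 'abc123', MONTH_MS, SERVER_NOW);
console.log(header);
console.log('Max-Age honoured:', clientLifetimeMs(header, CLIENT_NOW) / 3600000, 'hours');
console.log('Expires only:    ', clientLifetimeMs(header, CLIENT_NOW, false) / 3600000, 'hours');
```

With Max-Age the client keeps the cookie for the full 720 hours; falling back to Expires, the skewed client clock shortens that to 718 hours.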