[External] : HttpCookie: Unparseable Expires attribute causes immediate expiration
Hyunsu Eun
ehs122100 at gmail.com
Mon Mar 2 13:35:41 UTC 2026
Hi,
It seems that java.net.HttpCookie treats cookies with an
unparseable Expires attribute as immediately expired.
According to RFC 6265 (section 5.2.1), if the Expires value
fails to parse as a cookie date, the attribute should be ignored.
In that case, the cookie should remain a session cookie rather
than being treated as expired.
From reading the implementation, this appears to stem from
HttpCookie.expiryDate2DeltaSeconds() returning 0 when parsing
fails, after which maxAge is set to 0.
Would this be considered a bug?
I can provide a small reproducer if helpful, and would be
happy to file a JBS issue and prepare a patch if appropriate.
Thanks,
Hyunsu Eun
More information about the net-dev
mailing list