when creating a cookie with

@GetMapping("getCookieUsingResponseCookie")
  public ResponseEntity<?> getCookieUsingResponseCookie() {
   Duration d = Duration.ofDays(7);
    ResponseCookie cookie = ResponseCookie.from("LWSSO_COOKIE_KEY","123-LWSSO_COOKIE_KEY-VALUE-456")
      .domain("localhost")
      .httpOnly(true)
//      .maxAge(1000 * 60 * 60 * 24 * 7) // a week
      .maxAge(d)
//      .maxAge(500) // a week
      .path("/")
      .secure(true)
      .build();
    HttpHeaders headers = new HttpHeaders();
    headers.set(HttpHeaders.SET_COOKIE, cookie.toString());    
    System.out.println(cookie.toString());    
   ResponseEntity<?> response = new ResponseEntity<>(null, headers, HttpStatus.OK);  
   return response;
  }

or even if I use

.maxAge(1000 * 60 * 60 * 24 * 7) // a week

instead of a duration the cookie looks like:

Set-Cookie: LWSSO_COOKIE_KEY=123-LWSSO_COOKIE_KEY-VALUE-456; Path=/; Domain=localhost; Max-Age=PT168H; Expires=Tue, 14 Jun 2022 22:35:02 GMT; Secure; HttpOnly

the Max-Age=PT168H seems wrong compared to other cookies or using javax.servlet.http.Cookie

Looked in the RFC but did not see anything about that format. Is this a bug?

CodePudding user response：

No, it's not a bug.

According to documentation maxAge attribute is type java.time.Duration. So, what you see is toString() representation of Duration object.

Duration toString() returns a string representation of duration using ISO-8601 seconds based representation, such as PT8H6M12.345S.

The format of the string will be PTnHnMnS, where n is the relevant hours, minutes or seconds part of the duration.

Examples:

"20.345 seconds"                 -- "PT20.345S
"15 minutes" (15 * 60 seconds)   -- "PT15M"
"10 hours" (10 * 3600 seconds)   -- "PT10H"
"2 days" (2 * 86400 seconds)     -- "PT48H"

So 7 days will have 7*24 hours which is 168 hours in total, which will be described using above schema as : PT168H