I am trying to set cookies in a javascript file, and I need to set the "max-age" of cookies for 2 years. Probably the cookie updated to 1 year and a few days only.
Does someone know if there is any limit on the expired date?
My test in dev-tools that doesn't work: document.cookie='test=res;path=/;max-age=31619000';
CodePudding user response:
400 days (or less depending on the browser).
HTTP Working Group Specification states the following:
The user agent MUST limit the maximum value of the Expires attribute. The limit SHOULD NOT be greater than 400 days (34560000 seconds) in the future. The RECOMMENDED limit is 400 days in the future, but the user agent MAY adjust the limit (see Section 7.2). Expires attributes that are greater than the limit MUST be reduced to the limit.
Explanation from chrome status
When cookies are set with an explicit Expires/Max-Age attribute the value will now be capped to no more than 400 days in the future. Previously, there was no limit and cookies could expire as much as multiple millennia in the future.
400 days was chosen as a round number close to 13 months in duration. 13 months was chosen to ensure that sites one visits roughly once a year (e.g., picking health insurance benefits) will continue to work.