Hi everyone I ve following question There is a cookie defini kotlinlang #ktor

data class Cookie(
    val name: String,
    val value: String,
    val encoding: CookieEncoding = CookieEncoding.URI_ENCODING,
    val maxAge: Int = 0,

How it's possible to set cookie without 'maxage' - per standard, it means the lifetime of cookie is restricted by lifetime of client ?

spand

07/05/2019, 2:30 PM

Are you sure maxAge gets written if its 0 ?

Sergey Akhapkin

07/05/2019, 2:35 PM

I did not (will check), but 0 is also valid value which means cookie should expire immediately

spand

07/05/2019, 2:37 PM

Not according to this: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Syntax

Set-Cookie: <cookie-name>=<cookie-value>; Max-Age=<non-zero-digit>

tipsy

07/05/2019, 2:40 PM

set it to -1

Sergey Akhapkin

07/05/2019, 2:44 PM

https://tools.ietf.org/html/rfc6265#page-20

5.2.2.  The Max-Age Attribute
...
Let delta-seconds be the attribute-value converted to an integer.

   If delta-seconds is less than or equal to zero (0), let expiry-time
   be the earliest representable date and time.  Otherwise, let the
   expiry-time be the current date and time plus delta-seconds seconds.

Well, to be honest, in RFC the syntax is also:

max-age-av        = "Max-Age=" non-zero-digit *DIGIT
                       ; In practice, both expires-av and max-age-av
                       ; are limited to dates representable by the
                       ; user agent.
 non-zero-digit    = %x31-39
                       ; digits 1 through 9

However 5.2.2. states that result can be zero.

Just checked, set maxAge to zero works for me. Thanks.

Anyway, it's not obvious, imho nullable maxAge sounds better.

#ktor Join Slack