On 1/8/26 12:07 p.m., Yoav Weiss (@Shopify) wrote:
LGTM1
This seems like a useful addition. Thanks for collaborating on it with
other vendors.
On Thu, Jan 8, 2026 at 5:47 PM 'Anusha Muley' via blink-dev
<[email protected]> wrote:
Contact emails
[email protected]
Explainer
No information provided
Specification
https://github.com/whatwg/cookiestore/pull/292
<https://github.com/whatwg/cookiestore/pull/292>
Summary
Allows callers to specify a `maxAge` when setting a cookie with
the Cookie Store API. Cookie expiry time is already configurable
using the `expires` attribute, but `maxAge` provides a more
idiomatic option and aligns the Cookie Store API with the options
provided by `document.cookie` and the `Set-Cookie` HTTP Header.
Blink component
Blink>Storage>CookiesAPI
<https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EStorage%3ECookiesAPI%22>
Web Feature ID
cookie-store <https://webstatus.dev/features/cookie-store>
Motivation
Currently, developers can use the `expires` attribute when setting
a cookie with the Cookie Store API to set an absolute timestamp
for expiry. This can be unintuitive and is impacted by client-side
clock skew. RFC6265bis
<https://datatracker.ietf.org/doc/draft-ietf-httpbis-rfc6265bis/>and
the document.cookie API provide a `Max-Age` attribute, which
allows for relative cookie lifetimes and ergonomic deletion. We
should provide a `maxAge` option in the Cookie Store API to
support relative expiry and align with these APIs.
Initial public proposal
https://github.com/whatwg/cookiestore/issues/57
<https://github.com/whatwg/cookiestore/issues/57>
TAG review
Not requested, this is a relatively small feature that has no
impact on behavior or new information exposed through the API.
TAG review status
Not applicable
Risks
Interoperability and Compatibility
Additive feature with no impact to existing cookies/behavior. Does
not expose additional information or functionality-- setting a
cookie's absolute expiry with the `expires` value is already
supported in the API.
A few questions around interop between 6265bis cookies and CookieStore
cookies (I'm much less familiar with CookieStore):
I don't see any mention of the concept of "cookie-age-limit" (400 days)
that 6265bis defines - how does that work for CookieStore?
https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-22.html#section-5.5
Step 13.1 of https://cookiestore.spec.whatwg.org/#set-cookie-algorithm
<https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-22.html#section-5.5>
returns failure when a cookie has both expires and max-age, but
https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-22.html#section-5.7
requires that max-age wins. Is there any reason for the difference for
Cookie Store?
Gecko: Positive
(https://github.com/mozilla/standards-positions/issues/1334
<https://github.com/mozilla/standards-positions/issues/1334>)
WebKit: No Signal
(https://github.com/WebKit/standards-positions/issues/597)
We are actively developing this feature in collaboration with
WebKit
https://github.com/whatwg/cookiestore/pull/292#pullrequestreview-3538599229
<https://github.com/whatwg/cookiestore/pull/292#pullrequestreview-3538599229>
Web developers: Positive
(https://github.com/whatwg/cookiestore/issues/57
<https://github.com/whatwg/cookiestore/issues/57>) Could be easier
for developers to work with now-relative values, aligns the Cookie
Store API with the features provided by document.cookie and RFC6265bis
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing APIs,
such that it has potentially high risk for Android WebView-based
applications?
No
Debuggability
Cookies (and their properties such as expiry time) are debuggable
through the Application > Cookies tab on DevTools
Will this feature be supported on all six Blink platforms
(Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
Yes
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
Yes
https://wpt.fyi/results/cookiestore/cookieStore_set_maxAge.https.any.html?label=master&label=experimental&aligned
<https://wpt.fyi/results/cookiestore/cookieStore_set_maxAge.https.any.html?label=master&label=experimental&aligned>
https://wpt.fyi/results/cookiestore/cookieStore_set_maxAge.https.any.serviceworker.html?label=master&label=experimental&aligned
<https://wpt.fyi/results/cookiestore/cookieStore_set_maxAge.https.any.serviceworker.html?label=master&label=experimental&aligned>
Can we add a test for max-age=0 value? This has been recently allowed
explicitly in the grammar defined in 6265bis (and is supported by all
browsers):
https://github.com/httpwg/http-extensions/pull/3376
Flag name on about://flags
No information provided
Finch feature name
CookieStoreAPIMaxAge
Rollout plan
Will ship enabled for all users
Requires code in //chrome?
False
Tracking bug
https://issues.chromium.org/430926231
<https://issues.chromium.org/430926231>
Estimated milestones
Shipping on desktop
145
Anticipated spec changes
Open questions about a feature may be a source of future web
compat or interop issues. Please list open issues (e.g. links to
known github issues in the project for the feature specification)
whose resolution may introduce web compat/interop risk (e.g.,
changing to naming or structure of the API in a
non-backward-compatible way).
None
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5190778418757632
<https://chromestatus.com/feature/5190778418757632>
This intent message was generated by Chrome Platform Status
<https://chromestatus.com/>. --
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/68847eee-f32e-4ef8-85f1-1413a18a2bcen%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/68847eee-f32e-4ef8-85f1-1413a18a2bcen%40chromium.org?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSLZB%3DdFmHRXpA1E0CLXESNi43issfEHR21YoupV%2BfGLrQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSLZB%3DdFmHRXpA1E0CLXESNi43issfEHR21YoupV%2BfGLrQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/a27cd126-29bc-43e5-a567-386ce457201f%40chromium.org.
