Hi Daniel,

Thanks for the quick response and for pointing me to JDK-8359343.

I tested this against the latest JDK 26 build, and the behavior
still appears to reproduce.

From what I can see, JDK-8359343 addressed the Max-Age / Expires
precedence. However, when the Expires value itself fails to parse,
expiryDate2DeltaSeconds() still returns 0, and maxAge ends up being
set to 0, which causes the cookie to be treated as expired.

My understanding of the updated getMaxAge() specification is that
if parsing of Expires fails, step 4 ("return -1") should apply,
meaning the cookie would remain a session cookie.

It’s possible I’m misunderstanding the intended behavior here —
could you clarify whether unparseable Expires values are expected
to be ignored?

I can provide a minimal reproducer if helpful.

Thanks,
Hyunsu Eun
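
An added example, not part of the message above and not the sender's reproducer: a small check that feeds three constructed Set-Cookie values through java.net.HttpCookie and a default CookieManager, and reports the resulting max-age and whether the cookie store kept the cookie. The class name, the sample values and the origin `example.test` are assumptions made for illustration.

```java
import java.net.CookieManager;
import java.net.HttpCookie;
import java.net.URI;
import java.util.List;
import java.util.Map;

public class ExpiresParseCheck {
    // Constructed sample Set-Cookie values (not taken from the thread).
    static final String[] SAMPLES = {
        "sid=abc123",                                         // no Expires attribute
        "sid=abc123; Expires=Wed, 01 Jan 2070 00:00:00 GMT",  // well-formed date in the future
        "sid=abc123; Expires=not-a-date",                     // Expires that cannot be parsed
    };

    public static void main(String[] args) throws Exception {
        URI origin = URI.create("http://example.test/"); // placeholder origin
        for (String value : SAMPLES) {
            // What the parser alone makes of the header value.
            HttpCookie cookie = HttpCookie.parse(value).get(0);

            // What a client using the default cookie handling keeps.
            // A fresh manager per sample so the store reflects only this header.
            CookieManager manager = new CookieManager();
            manager.put(origin, Map.of("Set-Cookie", List.of(value)));
            boolean stored = !manager.getCookieStore().getCookies().isEmpty();

            System.out.printf("%-52s maxAge=%d hasExpired=%b stored=%b%n",
                    value, cookie.getMaxAge(), cookie.hasExpired(), stored);
        }
    }
}
```

On a build with the behavior the message describes, the third sample reports maxAge=0 and is not stored; under the reading of getMaxAge() step 4 given in the message it would report maxAge=-1 and be kept as a session cookie.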