Hi Daniel, Apologies for the follow-up — I just wanted to check if you hada chance to look into this. No rush at all.
As mentioned, the issue still reproduces on the latest JDK 26 master. Happy to file a JBS issue and prepare a patch if you think it's worth pursuing. Thanks, Hyunsu Eun > 2026. 3. 3. 02:03, Hyunsu Eun <[email protected]> 작성: > > Hi Daniel, > > Thanks for the quick response and for pointing me to JDK-8359343. > > I tested this against the latest JDK 26 build, and the behavior > still appears to reproduce. > > From what I can see, JDK-8359343 addressed the Max-Age / Expires > precedence. However, when the Expires value itself fails to parse, > expiryDate2DeltaSeconds() still returns 0, and maxAge ends up being > set to 0, which causes the cookie to be treated as expired. > > My understanding of the updated getMaxAge() specification is that > if parsing of Expires fails, step 4 ("return -1") should apply, > meaning the cookie would remain a session cookie. > > It’s possible I’m misunderstanding the intended behavior here — > could you clarify whether unparseable Expires values are expected > to be ignored? > > I can provide a minimal reproducer if helpful. > > Thanks, > Hyunsu Eun
