On Fri, 20 Mar 2026 17:02:45 GMT, EunHyunsu <[email protected]> wrote:
> When `expiryDate2DeltaSeconds()` fails to parse the Expires attribute against > all date formats, it returns 0. The caller in `assignMaxAgeAttribute()` then > sets `maxAge=0`, which causes `hasExpired()` to return true. Per RFC 6265 > section 5.2.1, an unparseable Expires value should be ignored, leaving > `maxAge=-1` (session cookie). > > This fix introduces a sentinel constant (`Long.MIN_VALUE`) as the return > value for parse failure, since 0 is a valid delta for dates that match the > creation time. The caller checks for this sentinel and skips the maxAge > assignment when parsing fails. > > A new test in `MaxAgeExpires` verifies that unparseable Expires values are > correctly ignored. Changes requested by vyazici (Reviewer). src/java.base/share/classes/java/net/HttpCookie.java line 2: > 1: /* > 2: * Copyright (c) 2005, 2025, Oracle and/or its affiliates. All rights > reserved. Suggestion: * Copyright (c) 2005, 2026, Oracle and/or its affiliates. All rights reserved. src/java.base/share/classes/java/net/HttpCookie.java line 96: > 94: // Returned by expiryDate2DeltaSeconds when none of the date formats > 95: // could parse the given expires value > 96: private static final long EXPIRY_DATE_PARSE_FAILURE = Long.MIN_VALUE; I'd have just hardcoded `-1`, documented in `expiryDate2DeltaSeconds`, and be done with it. I'm not really sure if a constant sentinel is necessary. I will leave that decision to @dfuch, who first [triaged] this issue. [triaged]: https://mail.openjdk.org/pipermail/net-dev/2026-March/030263.html src/java.base/share/classes/java/net/HttpCookie.java line 1092: > 1090: * > 1091: * @return delta seconds between this cookie's creation time and > the time > 1092: * specified by dateString This needs to be updated. test/jdk/java/net/HttpCookie/whitebox/java.base/java/net/MaxAgeExpires.java line 2: > 1: /* > 2: * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved. Suggestion: * Copyright (c) 2025, 2026, Oracle and/or its affiliates. All rights reserved. ------------- PR Review: https://git.openjdk.org/jdk/pull/30341#pullrequestreview-3991102603 PR Review Comment: https://git.openjdk.org/jdk/pull/30341#discussion_r2974488079 PR Review Comment: https://git.openjdk.org/jdk/pull/30341#discussion_r2974487200 PR Review Comment: https://git.openjdk.org/jdk/pull/30341#discussion_r2974469796 PR Review Comment: https://git.openjdk.org/jdk/pull/30341#discussion_r2974489153
