> When `expiryDate2DeltaSeconds()` fails to parse the Expires attribute against > all date formats, it returns 0. The caller in `assignMaxAgeAttribute()` then > sets `maxAge=0`, which causes `hasExpired()` to return true. Per RFC 6265 > section 5.2.1, an unparseable Expires value should be ignored, leaving > `maxAge=-1` (session cookie). > > This fix introduces a sentinel constant (`Long.MIN_VALUE`) as the return > value for parse failure, since 0 is a valid delta for dates that match the > creation time. The caller checks for this sentinel and skips the maxAge > assignment when parsing fails. > > A new test in `MaxAgeExpires` verifies that unparseable Expires values are > correctly ignored. > > --------- > - [x] I confirm that I make this contribution in accordance with the [OpenJDK > Interim AI Policy](https://openjdk.org/legal/ai).
EunHyunsu has updated the pull request incrementally with one additional commit since the last revision: 8380549: Update ExpiredCookieTest for unparseable Expires behavior ------------- Changes: - all: https://git.openjdk.org/jdk/pull/30341/files - new: https://git.openjdk.org/jdk/pull/30341/files/d74ff763..a442b201 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=30341&range=06 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=30341&range=05-06 Stats: 24 lines in 1 file changed: 15 ins; 0 del; 9 mod Patch: https://git.openjdk.org/jdk/pull/30341.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/30341/head:pull/30341 PR: https://git.openjdk.org/jdk/pull/30341
