> When `expiryDate2DeltaSeconds()` fails to parse the Expires attribute against 
> all date formats, it returns 0. The caller in `assignMaxAgeAttribute()` then 
> sets `maxAge=0`, which causes `hasExpired()` to return true. Per RFC 6265 
> section 5.2.1, an unparseable Expires value should be ignored, leaving 
> `maxAge=-1` (session cookie).
> 
> This fix introduces a sentinel constant (`Long.MIN_VALUE`) as the return 
> value for parse failure, since 0 is a valid delta for dates that match the 
> creation time. The caller checks for this sentinel and skips the maxAge 
> assignment when parsing fails.
> 
> A new test in `MaxAgeExpires` verifies that unparseable Expires values are 
> correctly ignored.
> 
> ---------
> - [x] I confirm that I make this contribution in accordance with the [OpenJDK 
> Interim AI Policy](https://openjdk.org/legal/ai).

EunHyunsu has updated the pull request incrementally with one additional commit 
since the last revision:

  8380549: Update ExpiredCookieTest for unparseable Expires behavior

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/30341/files
  - new: https://git.openjdk.org/jdk/pull/30341/files/d74ff763..a442b201

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=30341&range=06
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=30341&range=05-06

  Stats: 24 lines in 1 file changed: 15 ins; 0 del; 9 mod
  Patch: https://git.openjdk.org/jdk/pull/30341.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/30341/head:pull/30341

PR: https://git.openjdk.org/jdk/pull/30341

Reply via email to