On Tue, 14 Jul 2026 11:25:51 GMT, EunHyunsu <[email protected]> wrote:
>> When `expiryDate2DeltaSeconds()` fails to parse the Expires attribute >> against all date formats, it returns 0. The caller in >> `assignMaxAgeAttribute()` then sets `maxAge=0`, which causes `hasExpired()` >> to return true. Per RFC 6265 section 5.2.1, an unparseable Expires value >> should be ignored, leaving `maxAge=-1` (session cookie). >> >> This fix introduces a sentinel constant (`Long.MIN_VALUE`) as the return >> value for parse failure, since 0 is a valid delta for dates that match the >> creation time. The caller checks for this sentinel and skips the maxAge >> assignment when parsing fails. >> >> A new test in `MaxAgeExpires` verifies that unparseable Expires values are >> correctly ignored. >> >> --------- >> - [x] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > EunHyunsu has updated the pull request with a new target base due to a merge > or a rebase. The incremental webrev excludes the unrelated changes brought in > by the merge/rebase. The pull request contains eight additional commits since > the last revision: > > - 8380549: Convert testUnparseableExpires to JUnit after master merge > - Merge remote-tracking branch 'upstream/master' into > JDK-HttpCookie-expiryDate-parse-failure > - 8380549: Update ExpiredCookieTest for unparseable Expires behavior > - 8380549: Update test comments in MaxAgeExpires.java > - 8380549: Update B6791927.java copyright header > - 8380549: Refactor expiryDate2DeltaSeconds to return Calendar > - 8380549: Remove unnecessary try-catch around expires handling > - 8380549: HttpCookie.expiryDate2DeltaSeconds returns 0 on parse failure, > causing immediate cookie expiration @ehs208 Your change (at version 23fe7cbebb9d0ae8dcfb91c5d898e0e71ff08629) is now ready to be sponsored by a Committer. ------------- PR Comment: https://git.openjdk.org/jdk/pull/30341#issuecomment-4974592602
