On Mon, 6 Jul 2026 20:08:59 GMT, Volkan Yazici <[email protected]> wrote:

>> EunHyunsu has updated the pull request incrementally with one additional 
>> commit since the last revision:
>> 
>>   8380549: Update test comments in MaxAgeExpires.java
>
> ### Test failure analysis
> 
> I've examined the failing `ExpiredCookieTest`, and my analysis matches the 
> one from @ehs208.
> 
> On `master`:
> 
> - `expiryDate2DeltaSeconds()` always returns a `long`
> - on parse failure it returns 0
> - `assignMaxAgeAttribute()` always does `cookie.maxAge = (delta > 0 ? delta : 
> 0)`
> 
> In this PR:
> 
> - `parseExpires()` returns a `Calendar` or `null`
> - `assignMaxAgeAttribute()` only sets `maxAge` if `cal != null`
> - if parsing fails, `maxAge` is left untouched, so the cookie stays a session 
> cookie
> 
> In short, this PR changes the "failed expiry parse" behavior from "expire 
> immediately" to "ignore expiry and keep as session cookie".
> 
> `ExpiredCookieTest` uses following dates:
> 
> 
> cal.set(1970, 6, 9, 10, 10, 1); // 1970-07-09 Thu 10:10:01
> cal.set(1969, 6, 9, 10, 10, 2); // 1969-07-09 Wed 10:10:02
> cal.set(2070, 6, 9, 10, 10, 3); // 2070-07-09 Wed 10:10:03
> cal.set(2069, 6, 9, 10, 10, 4); // 2069-07-09 Tue 10:10:04
> 
> 
> Using two-digit year formatting, this is what the `Set-Cookie` contents look 
> like:
> 
> 
> TEST1=TEST1; Path=/; Expires=Thu, 09-Jul-70 10:10:01 GMT
> TEST2=TEST2; Path=/; Expires=Wed, 09-Jul-69 10:10:02 GMT
> TEST3=TEST3; Path=/; Expires=Wed, 09-Jul-70 10:10:03 GMT
> TEST4=TEST4; Path=/; Expires=Tue, 09-Jul-69 10:10:04 GMT
> 
> 
> Since we use `df.set2DigitYearStart("1970-01-01 00:00:00")`, their two-digit 
> year interpretation will be as follows:
> 
> 
> TEST1=TEST1; Path=/; Expires=Thu, 09-Jul-1970 10:10:01 GMT # Good
> TEST2=TEST2; Path=/; Expires=Wed, 09-Jul-2069 10:10:02 GMT # Illegal! This is 
> a Tuesday.
> TEST3=TEST3; Path=/; Expires=Wed, 09-Jul-1970 10:10:03 GMT # Illegal! This is 
> a Thursday.
> TEST4=TEST4; Path=/; Expires=Tue, 09-Jul-2069 10:10:04 GMT # Good
> 
> 
> Both on `master` and in this PR,
> 
> - `TEST1` has expired in 1969, and is removed. 
> - `TEST4` will expire in 1969, and is kept.
> 
> Different from `master`, because of the the new "keep as session cookie on 
> expiry date parse failure" behavior, and illegal two-digit year 
> interpretations of `TEST2` and `TEST3`, this PR additionally keeps them as 
> session cookies. That is,
> 
> - On `master`, only `TEST4` is kept.
> - In this PR, `TEST2`, `TEST3`, and `TEST4` are kept.
> 
> ### The new behavior & RFC
> 
> As explained above, this PR changes the "failed expiry parse" behavior from 
> "expire immediately" to "ignore expiry and keep as session cookie". [RFC 6525 
> > 5.2.1. The Expires Attribute] states the following:
> 
>> If the attribute-value failed to parse as a cookie date, ignore the 
>> cookie-av.
> 
> I also agree with @ehs208 conclusion her...

Thanks @vy. I've updated ExpiredCookieTest to match the new behavior, asserting 
the exact set of surviving cookie names per date format rather than the count. 
Could you take another look?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/30341#issuecomment-4904296625

Reply via email to