If the lifespan of a cookie is left unspecified by not invoking the Cookie.setMaxAge( int ) method, how long will such a cookie be retrievable by the server?

Avi Kak

A cookie whose age is left unspecified has the same storage property as a cookie for which setMaxAge is invoked with a negative argument. In both cases, the cookie is available only for the duration of the current session with the server. In both cases, the cookie is deleted by the client when the current session expires.

I have shown below the code for a simple servlet, TestCookieLifetime, that can be used to verify my answer to the question. The servlet creates five cookies, with the first four being given different maximum ages, and the last with the age left unspecified.

Of the first two cookies, cookie1 is given a maximum age of 1000 secs; and cookie2 of 10 secs. The third cookie, cookie3, is given a maximum age of 0 secs. This cookie will be deleted almost immediately after it is created. The fourth cookie, cookie4, is given a negative value for its age; this cookie will be deleted when the client browser exits. Finally, by not invoking setMaxAge on cookie5, we leave its age unspecified.

If you point a client browser to this servlet and hit the reload button on the browser repeatedly, you will notice that the browser will display the following pattern initially

   name1 value1
   name2 value2
   name4 value4
   name5 value5

If you wait for more than 10 seconds between reloads, the browser will display

   name1 value1
   name4 value4
   name5 value5

and eventually

   name1 value1
   name4 value4
   name5 value5
   name2 value2

If you reload in very quick succession, occasionally you will also see the following displayed by the browser:

   name1 value1
   name4 value4
   name5 value5
   name2 value2
   name3 value3

The reason for why you may also see the line name3 value3, which corresponds to cookie3 whose age was set to zero, is explained in another posting.

The bottom line is that the lines name4 value4 and name5 value5, the former corresponding to a negative number for the age and the latter to age left unspecified, will alway appear together. If you shut down the browser and restart it again, both these lines will fail to appear in the client browser.

Here is the code for the servlet:

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class TestCookieLifespan extends HttpServlet {

  public void doGet (HttpServletRequest request, HttpServletResponse response) 
           throws ServletException, IOException 
    Cookie cookie1 = new Cookie( "name1:", "value1" );
    Cookie cookie2 = new Cookie( "name2:", "value2" );   
    Cookie cookie3 = new Cookie( "name3:", "value3" );   
    Cookie cookie4 = new Cookie( "name4:", "value4" );   
    Cookie cookie5 = new Cookie( "name5:", "value5" );   

    cookie1.setMaxAge( 10000 );
    cookie2.setMaxAge( 10 );    
    cookie3.setMaxAge( 0 );    
    cookie4.setMaxAge( -10 );    


    response.addCookie( cookie1 );
    response.addCookie( cookie2 );
    response.addCookie( cookie3 );
    response.addCookie( cookie4 );
    response.addCookie( cookie5 );

    Cookie cookies[] = request.getCookies();

    System.out.println( "Number of cookies retrieved: " + cookies.length );    

    PrintWriter out = response.getWriter();
    out.println("<html>" +
      "<head><title>Cookie Information</title></head>" +
      "<body bgcolor="#FFFFFF">" +
      "<h1>Cookie Information</h1><table>");
    if (cookies != null) {
      for(int i=0, n=cookies.length; i < n; i++) {
        out.println ("<tr><td>" + cookies[i].getName() + "</td>");
        out.println ("<td>" + cookies[i].getValue() + "</td></tr>");

See also How do I setup a cookie to expire after a certain time?