If the lifespan of a cookie is left unspecified by not invoking the Cookie.setMaxAge( int ) method, how long will such a cookie be retrievable by the server?
Created May 4, 2012
I have shown below the code for a simple servlet, TestCookieLifetime, that can be used to verify my answer to the question. The servlet creates five cookies, with the first four being given different maximum ages, and the last with the age left unspecified.
Of the first two cookies, cookie1 is given a maximum age of 1000 secs; and cookie2 of 10 secs. The third cookie, cookie3, is given a maximum age of 0 secs. This cookie will be deleted almost immediately after it is created. The fourth cookie, cookie4, is given a negative value for its age; this cookie will be deleted when the client browser exits. Finally, by not invoking setMaxAge on cookie5, we leave its age unspecified.
If you point a client browser to this servlet and hit the reload button on the browser repeatedly, you will notice that the browser will display the following pattern initially
name1 value1 name2 value2 name4 value4 name5 value5If you wait for more than 10 seconds between reloads, the browser will display
name1 value1 name4 value4 name5 value5and eventually
name1 value1 name4 value4 name5 value5 name2 value2If you reload in very quick succession, occasionally you will also see the following displayed by the browser:
name1 value1 name4 value4 name5 value5 name2 value2 name3 value3The reason for why you may also see the line name3 value3, which corresponds to cookie3 whose age was set to zero, is explained in another posting.
The bottom line is that the lines name4 value4 and name5 value5, the former corresponding to a negative number for the age and the latter to age left unspecified, will alway appear together. If you shut down the browser and restart it again, both these lines will fail to appear in the client browser.
Here is the code for the servlet:
import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class TestCookieLifespan extends HttpServlet { public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { Cookie cookie1 = new Cookie( "name1:", "value1" ); Cookie cookie2 = new Cookie( "name2:", "value2" ); Cookie cookie3 = new Cookie( "name3:", "value3" ); Cookie cookie4 = new Cookie( "name4:", "value4" ); Cookie cookie5 = new Cookie( "name5:", "value5" ); cookie1.setMaxAge( 10000 ); cookie2.setMaxAge( 10 ); cookie3.setMaxAge( 0 ); cookie4.setMaxAge( -10 ); response.setContentType("text/html"); response.addCookie( cookie1 ); response.addCookie( cookie2 ); response.addCookie( cookie3 ); response.addCookie( cookie4 ); response.addCookie( cookie5 ); Cookie cookies[] = request.getCookies(); System.out.println( "Number of cookies retrieved: " + cookies.length ); PrintWriter out = response.getWriter(); out.println("<html>" + "<head><title>Cookie Information</title></head>" + "<body bgcolor="#FFFFFF">" + "<h1>Cookie Information</h1><table>"); if (cookies != null) { for(int i=0, n=cookies.length; i < n; i++) { out.println ("<tr><td>" + cookies[i].getName() + "</td>"); out.println ("<td>" + cookies[i].getValue() + "</td></tr>"); } } out.println("</table></body></html>"); out.close(); } }
See also How do I setup a cookie to expire after a certain time?