On Mon, 23 Mar 2026 11:50:15 GMT, EunHyunsu <[email protected]> wrote:

>> When `expiryDate2DeltaSeconds()` fails to parse the Expires attribute 
>> against all date formats, it returns 0. The caller in 
>> `assignMaxAgeAttribute()` then sets `maxAge=0`, which causes `hasExpired()` 
>> to return true. Per RFC 6265 section 5.2.1, an unparseable Expires value 
>> should be ignored, leaving `maxAge=-1` (session cookie).
>> 
>> This fix introduces a sentinel constant (`Long.MIN_VALUE`) as the return 
>> value for parse failure, since 0 is a valid delta for dates that match the 
>> creation time. The caller checks for this sentinel and skips the maxAge 
>> assignment when parsing fails.
>> 
>> A new test in `MaxAgeExpires` verifies that unparseable Expires values are 
>> correctly ignored.
>
> EunHyunsu has refreshed the contents of this pull request, and previous 
> commits have been removed. The incremental views will show differences 
> compared to the previous content of the PR. The pull request contains one new 
> commit since the last revision:
> 
>   8380549: HttpCookie.expiryDate2DeltaSeconds returns 0 on parse failure, 
> causing immediate cookie expiration

src/java.base/share/classes/java/net/HttpCookie.java line 1019:

> 1017:                 }
> 1018:             }
> 1019:         } catch (NumberFormatException ignored) {}

Pre-existing, but I think this catch block (and thus the try) isn't needed. I 
can't spot anything in that `expiryDate2DeltaSeconds` which would throw a 
`NumberFormatException`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/30341#discussion_r2975104756
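
A small probe for checking how a given JDK treats an unparseable `Expires` attribute, using only the public `java.net.HttpCookie` API. This is an added example, not code from the pull request or from the JDK; the class name `ExpiresParseProbe` and the sample headers are constructed for illustration.

```java
import java.net.HttpCookie;
import java.util.List;

public class ExpiresParseProbe {
    // Constructed sample headers; cookie name and value are made up.
    static final String[] HEADERS = {
        // Expires value that matches no cookie date format
        "Set-Cookie: sid=abc123; Expires=not-a-date; Path=/",
        // Control: well-formed Expires far in the future
        "Set-Cookie: sid=abc123; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Path=/",
        // Control: no Expires at all (plain session cookie)
        "Set-Cookie: sid=abc123; Path=/"
    };

    // Summarise the two observable properties the PR description talks about.
    static String classify(HttpCookie c) {
        long maxAge = c.getMaxAge();
        if (maxAge == -1 && !c.hasExpired()) {
            return "session cookie (maxAge=-1, not expired)";
        }
        if (maxAge == 0 && c.hasExpired()) {
            return "expired immediately (maxAge=0)";
        }
        return "maxAge=" + maxAge + ", hasExpired=" + c.hasExpired();
    }

    public static void main(String[] args) {
        System.out.println("java.version=" + System.getProperty("java.version"));
        for (String header : HEADERS) {
            List<HttpCookie> cookies = HttpCookie.parse(header);
            for (HttpCookie c : cookies) {
                System.out.println(header);
                System.out.println("  -> " + classify(c));
            }
        }
    }
}
```

Going by the PR description, a runtime without the change reports the first header as expired immediately, while one with the change reports it as a session cookie, the same as the third header.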