Open
Description
When attempting to have a cookie present it's expiry in terms of Age (in seconds) using the code [below]. The resulting Cookie presented in the HTTP header looks like:-
Set-Cookie: ID="123456"; path="/"; Max-Age="60"
ie has the numeric Max-Age component quoted.
Chrome doesn't like max-age being a quoted value. Internet Explorer doesn't recognise the cookie.
The fault seems to lie within: CookieSettingWriter.java: appendValue which quote adds every component of the cookie.
This appears to be a bug. As the RFC says Max-Age=" non-zero-digit *DIGIT
[below]
CookieSetting element = new CookieSetting();
element.setMaxAge(60);
element.setName("123456");
element.setPath("/");
element.setValue(value);
element.setVersion(1); /* 0 creates Expires, 1 creates Max-Age */
response.getCookieSettings().add(element);