Skip to content

Allow setting a maxAge #292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Allow setting a maxAge #292

wants to merge 6 commits into from

Conversation

@aamuley
Copy link
Collaborator

@aamuley aamuley commented Nov 13, 2025
edited by pr-preview bot
Loading

Add maxAge as a CookieInitOption used in cookieStore.set(options). Related to #57 #162

I was inclined to use a long long and allow the rfc to handle limiting the cookie ttl to 400 days if there is a restriction imposed there. A long might overflow a bit earlier than expected ~10 years and expire the cookie immediately but im not sure if protecting against that is actually needed.

(See WHATWG Working Mode: Changes for more details.)

Preview | Diff

@aamuley aamuley requested review from DCtheTall and annevk November 17, 2025 13:56
@aamuley aamuley marked this pull request as ready for review November 17, 2025 13:57
annevk
annevk reviewed Nov 18, 2025
View reviewed changes
Copy link
Member

@annevk annevk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For other fields we have some validation. Do we want to throw if both expires and maxAge are passed?

@aamuley
Copy link
Collaborator Author

aamuley commented Nov 18, 2025
edited
Loading

hmm i was planning to let that decision fall to the rfc and just prefer the maxAge if both are specified since that might be more expected behavior for devs, wdyt @DCtheTall?

@annevk
Copy link
Member

annevk commented Nov 19, 2025

Once we start targeting the layered-cookies I-D instead of the current RFC, I'm pretty sure we'll need to resolve the duplication locally anyway as we're not going to serialize what we have and feed it into the parser, but instead we'll create a cookie instance here and use that.

@aamuley
Copy link
Collaborator Author

aamuley commented Nov 19, 2025

Oh I didnt realize that, happy to check which is specified and throw an error in that case. Would you rather we construct a unified expiry time (between max-age and expires) in this algorithm right now, or leave that for when the RFC is being updated?

@annevk
Copy link
Member

annevk commented Nov 20, 2025

I think we should leave that until we update this specification to target the layered-cookies I-D.

@bakulf thoughts on all this?

DCtheTall
DCtheTall approved these changes Nov 20, 2025
View reviewed changes
Copy link
Member

@DCtheTall DCtheTall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just one suggestion

@aamuley aamuley requested review from DCtheTall and annevk November 21, 2025 15:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DCtheTall DCtheTall Awaiting requested review from DCtheTall

@annevk annevk Awaiting requested review from annevk

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aamuley @annevk @DCtheTall