Created attachment 34872 [details] Add expires parameters in Apache-issued cookies ap_cookie_write() sets a cookie with an optional max-age parameter. Unfortunately, Microsoft Internet Explorer and Edge browsers do not support max-age and will only consider the expires property. The attached patch adds an expires property matching max-age, so that cookies set with ap_cookie_write() behave the same way on all browsers.
Comment on attachment 34872 [details] Add expires parameters in Apache-issued cookies >Index: server/util_cookies.c >=================================================================== >--- server/util_cookies.c (revision 1788360) >+++ server/util_cookies.c (working copy) >@@ -35,7 +35,8 @@ > * @param val The value to place in the cookie. > * @param attrs The string containing additional cookie attributes. If NULL, the > * DEFAULT_ATTRS will be used. >- * @param maxage If non zero, a Max-Age header will be added to the cookie. >+ * @param maxage If non zero, Max-Age and derived Expires header will be >+ added to the cookie. > */ > AP_DECLARE(apr_status_t) ap_cookie_write(request_rec * r, const char *name, const char *val, > const char *attrs, long maxage, ...) >@@ -49,7 +50,12 @@ > /* handle expiry */ > buffer = ""; > if (maxage) { >+ char expires[APR_RFC822_DATE_LEN]; >+ > buffer = apr_pstrcat(r->pool, "Max-Age=", apr_ltoa(r->pool, maxage), ";", NULL); >+ >+ if (apr_rfc822_date(expires, apr_time_now() + apr_time_from_sec(maxage)) == APR_SUCCESS) >+ buffer = apr_pstrcat(r->pool, buffer, "Expires=", expires, ";", NULL); > } > > /* create RFC2109 compliant cookie */ >@@ -124,6 +130,7 @@ > > /* create RFC2109 compliant cookie */ > const char *rfc2109 = apr_pstrcat(r->pool, name, "=;Max-Age=0;", >+ "Expires=Thu, 01-Jan-1970 01:00:00 GMT;", > attrs ? attrs : CLEAR_ATTRS, NULL); > ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00009) LOG_PREFIX > "user '%s' removed cookie: '%s'", r->user, rfc2109);