Skip to content

docs: clarify ResponseCookie Max-Age behavior according to RFC 6265 #35216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: clarify ResponseCookie Max-Age behavior according to RFC 6265 #35216

wants to merge 1 commit into from

Conversation

genius00hwan
Copy link

Summary

This PR improves documentation for ResponseCookie#getMaxAge() and ResponseCookieBuilder#maxAge().

Motivation

According to RFC 6265, Section 5.2.2,
a negative Max-Age value means no "Max-Age" attribute is sent, making the cookie a session cookie.
This was not clearly documented, which may cause confusion for developers.

Changes

  • Clarified Max-Age behavior in Javadoc
    • Positive → persistent cookie
    • Zero → immediate expiration (deleted)
    • Negative → session cookie (removed when browser closes)
  • Added explicit RFC reference
  • No functional or behavioral changes

Related Issues

Impact

No functional impact. Documentation update only.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jul 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
status: waiting-for-triage An issue we've not yet triaged or decided on
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@genius00hwan @spring-projects-issues