Setting a cookie with max age; max age is lost

cookie max-age
max-age cookie javascript
set cookie javascript
cookie path
cookie expires
set-cookie header not working
cookie domain
cookie httponly

So.. I have this unit test:

func TestCookieVoodoo(t *testing.T) {
    req := httptest.NewRequest("GET", "/", nil)

    cookie := http.Cookie{Name: "potato", MaxAge: 1000}


    cookieCopy, _ := req.Cookie("potato")

    println(fmt.Sprintf("Cookie orig: %v", cookie))
    println(fmt.Sprintf("Cookie Copy: %v", *cookieCopy))


When running it, the output is:

Cookie orig: {potato    0001-01-01 00:00:00 +0000 UTC  1000 false false 0  []}
Cookie copy: {potato    0001-01-01 00:00:00 +0000 UTC  0 false false 0  []}

Why does it loose the max age? (same thing happens when setting other cookie fields) Thanks

Because the Request.AddCookie only add key and value to the cookie string. the function is:

func (r *Request) AddCookie(c *Cookie) {
    s := fmt.Sprintf("%s=%s", sanitizeCookieName(c.Name), sanitizeCookieValue(c.Value))
    if c := r.Header.Get("Cookie"); c != "" {
        r.Header.Set("Cookie", c+"; "+s)
    } else {
        r.Header.Set("Cookie", s)


  1. this is the definition of cookie-string in RFC 6265
  2. the Max-Age and other fields of cookie is used by client not server. they are config of client. for example: if the the cookie exprires, client doesn't send key=value to server. So the fields are ignored in request

Set-Cookie, The Set-Cookie HTTP response header is used to send a cookie from the If both Expires and Max-Age are set, Max-Age has precedence. Path=/ // Rejected due to missing Secure attribute Set-Cookie: __Secure-id=1� Expires=<date>: It is an optional directive that contains the expiry date of the cookie. Max-Age=<non-zero-digit>: It contains the life span in a digit of seconds format, zero or negative value will make the cookie expired immediately. Domain=<domain-value>: This directive defines the host where the cookie will be sent. It is an optional directive.

If you look at the AddCookie code you can see it attaches a Cookie header to the request in the form <Name>=<Value>, or appends to an existing Cookie header ignoring all other fields of the Cookie struct except for Name and Value.

The Cookie header only has the notion of a Name and a Value, more information about the Cookie header can be found here.

A Set-Cookie header on the other hand would preserve all the fields of the Cookie struct, but this would typically set on an HTTP response. So it wouldn't really make sense to set this on your http.Request.

Cookies, document.cookie, Upon sign in, the server uses Set-Cookie HTTP-header in the To let cookies survive browser close, we can set either expires or max-age option. like a network request from another site or a form submission loses cookies. Set Javascript Cookie Expires and Max-Age. JavaScript. oangodd August 11, 2019, 2:38am #1. I’m trying to set a cross browser expiration date for my cookie by setting both the “expires” and

Looking at the Go implementation of AddCookie it is only taking the Name and Value fields.

I believe this is because the MaxAge is valid when sending a cookie in a Response but irrelevent when making a Request. Any cookies the client receives to submit with a request (as in your case) should be validated; valid cookies are then added with AddCookie and only their Keys and Values will be submitted with the request.

Wrong cookie expiry date / max-age because of missing parseInt , I set the priority to "Major" because the purpose of this module is a correct cookie expiration (to ask the website visitor again to dismiss / accept� document. cookie = 'name=Flavio; max-age=3600' //expires in 60 minutes document. cookie = 'name=Flavio; max-age=31536000' //expires in 1 year Set a cookie path The path parameter specifies a document location for the cookie, so it’s assigned to a specific path, and sent to the server only if the path matches the current document location, or

How to set maxAge(duration) of cookie to -1 � Issue #1367 � ktorio , How to set maxAge(duration) of cookie to -1 #1367 So what you need is missing both Expires and MaxAge that you can achieve by setting� Below are code snippets to create and delete a cookie. The cookie is set for 1 day. // 1 Day = 24 Hrs = 24*60*60 = 86400. By using max-age: Creating the cookie:

Cookies Max-Age vs Expires & newer Jboss, Have you noticed some of the cookie headers sent on jboss 6 or 7. If you do, you will see that expires attribute is missing and a new attribute Max-� Users can dismiss the promo and then they won't see it again for a while. You can store that preference in a cookie, set it to expire in a month (2,600,000 seconds), and only send it over HTTPS. That header would look like this: Set-Cookie: promo_shown=1; Max-Age=2600000; Secure Servers set cookies using the Set-Cookie header.

Express cookie-session middleware, Note that no Set-Cookie header will be in the response (and thus no session maxAge : a number representing the milliseconds from for expiry� document.cookie = "name=" + encodeURIComponent ("Christopher Columbus"); By default, the lifetime of a cookie is the current browser session, which means it is lost when the user exits the browser. For a cookie to persist beyond the current browser session, you will need to specify its lifetime (in seconds) with a max-age attribute.

  • A Set-Cookie header must not have a Max-Age attribute. It is that simple. See RFC 6265.