You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When setting max-age parameter to zero (0), the cookie is set as session cookie instead of removal. The package treats zero value of max-age as it's not set. But according to RFC-6265 zero value should remove cookie as well as negative value. Here's a quote of the section "5.2.2. The Max-Age Attribute":
If delta-seconds is less than or equal to zero (0), let expiry-time be the earliest representable date and time. Otherwise, let the expiry-time be the current date and time plus delta-seconds seconds.
The workaround of this bug is to use negative values. I can make pull-request if needed.
The text was updated successfully, but these errors were encountered:
When setting
max-ageparameter to zero (0), the cookie is set as session cookie instead of removal. The package treats zero value ofmax-ageas it's not set. But according to RFC-6265 zero value should remove cookie as well as negative value. Here's a quote of the section "5.2.2. The Max-Age Attribute":The workaround of this bug is to use negative values. I can make pull-request if needed.
The text was updated successfully, but these errors were encountered: