From ffa14b0fdf1d3520a85235ab15b8b2a23bb0771a Mon Sep 17 00:00:00 2001 From: Eric Lawrence Date: Tue, 21 Jan 2025 14:07:14 -0800 Subject: [PATCH 1/5] Update EXPIRES info with clock skew Firefox and Chromium adjust the EXPIRES value with the computed clock-skew as calculated using the response's DATE header. --- files/en-us/web/http/headers/set-cookie/index.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/set-cookie/index.md b/files/en-us/web/http/headers/set-cookie/index.md index e10ddfd66097f78..315a1c7e5dcb3a9 100644 --- a/files/en-us/web/http/headers/set-cookie/index.md +++ b/files/en-us/web/http/headers/set-cookie/index.md @@ -101,7 +101,8 @@ Set-Cookie: =; Domain=; Secure; HttpOnl > [!WARNING] > Many web browsers have a _session restore_ feature that will save all tabs and restore them the next time the browser is used. Session cookies will also be restored, as if the browser was never closed. - When an `Expires` date is set, the deadline is relative to the _client_ the cookie is being set on, not the server. + When an `Expires` date is set, the deadline is relative to the _client_ the cookie is being set on, not the server. However, the server's `Date` header will be used to compute the clock skew between the + client and the server, and the `Expires` date will be adjusted accordingly. - `HttpOnly` {{optional_inline}} From 57655acc8ea799c5c48b553936d7240c3f14fe10 Mon Sep 17 00:00:00 2001 From: Hamish Willee Date: Fri, 31 Jan 2025 16:24:30 +1100 Subject: [PATCH 2/5] Update files/en-us/web/http/headers/set-cookie/index.md --- files/en-us/web/http/headers/set-cookie/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/en-us/web/http/headers/set-cookie/index.md b/files/en-us/web/http/headers/set-cookie/index.md index 315a1c7e5dcb3a9..76099007437395d 100644 --- a/files/en-us/web/http/headers/set-cookie/index.md +++ b/files/en-us/web/http/headers/set-cookie/index.md @@ -101,8 +101,8 @@ Set-Cookie: =; Domain=; Secure; HttpOnl > [!WARNING] > Many web browsers have a _session restore_ feature that will save all tabs and restore them the next time the browser is used. Session cookies will also be restored, as if the browser was never closed. - When an `Expires` date is set, the deadline is relative to the _client_ the cookie is being set on, not the server. However, the server's `Date` header will be used to compute the clock skew between the - client and the server, and the `Expires` date will be adjusted accordingly. + When an `Expires` date is set, the deadline is relative to the _client_ the cookie is being set on, not the server. + However, the server's `Date` header will be used to compute the clock skew between the client and the server, and the `Expires` date will be adjusted accordingly. - `HttpOnly` {{optional_inline}} From 308f3fe8f40adac84c07df48b0b8a4992a44dbc9 Mon Sep 17 00:00:00 2001 From: Hamish Willee Date: Tue, 4 Feb 2025 13:44:00 +1100 Subject: [PATCH 3/5] Update files/en-us/web/http/headers/set-cookie/index.md --- files/en-us/web/http/headers/set-cookie/index.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/files/en-us/web/http/headers/set-cookie/index.md b/files/en-us/web/http/headers/set-cookie/index.md index 76099007437395d..0a964842dd3d6b1 100644 --- a/files/en-us/web/http/headers/set-cookie/index.md +++ b/files/en-us/web/http/headers/set-cookie/index.md @@ -101,8 +101,11 @@ Set-Cookie: =; Domain=; Secure; HttpOnl > [!WARNING] > Many web browsers have a _session restore_ feature that will save all tabs and restore them the next time the browser is used. Session cookies will also be restored, as if the browser was never closed. - When an `Expires` date is set, the deadline is relative to the _client_ the cookie is being set on, not the server. - However, the server's `Date` header will be used to compute the clock skew between the client and the server, and the `Expires` date will be adjusted accordingly. + The `Expires` attribute is set by the server with a value relative to its own internal clock, which may differ from that of the client browser. + Firefox and Chromium-based browsers internally use an expiry (max-age) value that is adjusted to compensate for clock difference, storing and expiring cookies at the time intended by the server. + The adjustment for clock skew is calculated from the value of the {{httpheader("DATE")}} header. + + Note that the specification explains how the attribute should be parsed, but does not indicate if/how the value should be corrected by the recipient. - `HttpOnly` {{optional_inline}} From b6b73804fbd3c82a68f22fea80f2d11cdcb97190 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 4 Feb 2025 09:58:15 +0100 Subject: [PATCH 4/5] Update files/en-us/web/http/headers/set-cookie/index.md Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- files/en-us/web/http/headers/set-cookie/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/files/en-us/web/http/headers/set-cookie/index.md b/files/en-us/web/http/headers/set-cookie/index.md index 0a964842dd3d6b1..f111c408ab76f94 100644 --- a/files/en-us/web/http/headers/set-cookie/index.md +++ b/files/en-us/web/http/headers/set-cookie/index.md @@ -104,7 +104,6 @@ Set-Cookie: =; Domain=; Secure; HttpOnl The `Expires` attribute is set by the server with a value relative to its own internal clock, which may differ from that of the client browser. Firefox and Chromium-based browsers internally use an expiry (max-age) value that is adjusted to compensate for clock difference, storing and expiring cookies at the time intended by the server. The adjustment for clock skew is calculated from the value of the {{httpheader("DATE")}} header. - Note that the specification explains how the attribute should be parsed, but does not indicate if/how the value should be corrected by the recipient. - `HttpOnly` {{optional_inline}} From 5f9a1440a084cdc8d232bd5882cb8d277c44d37a Mon Sep 17 00:00:00 2001 From: Hamish Willee Date: Tue, 4 Feb 2025 21:24:29 +1100 Subject: [PATCH 5/5] Update files/en-us/web/http/headers/set-cookie/index.md --- files/en-us/web/http/headers/set-cookie/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/set-cookie/index.md b/files/en-us/web/http/headers/set-cookie/index.md index f111c408ab76f94..ed7b447f7b77d18 100644 --- a/files/en-us/web/http/headers/set-cookie/index.md +++ b/files/en-us/web/http/headers/set-cookie/index.md @@ -102,7 +102,7 @@ Set-Cookie: =; Domain=; Secure; HttpOnl > Many web browsers have a _session restore_ feature that will save all tabs and restore them the next time the browser is used. Session cookies will also be restored, as if the browser was never closed. The `Expires` attribute is set by the server with a value relative to its own internal clock, which may differ from that of the client browser. - Firefox and Chromium-based browsers internally use an expiry (max-age) value that is adjusted to compensate for clock difference, storing and expiring cookies at the time intended by the server. + Firefox and Chromium-based browsers internally use an expiry (max-age) value that is adjusted to compensate for clock difference, storing and expiring cookies based on the time intended by the server. The adjustment for clock skew is calculated from the value of the {{httpheader("DATE")}} header. Note that the specification explains how the attribute should be parsed, but does not indicate if/how the value should be corrected by the recipient.