tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Barkon <>
Subject Re: Tomcat 6.0.29 Cookie.getMaxAge() always returns -1 regardless of actual value of maximum age
Date Tue, 16 Nov 2010 20:28:04 GMT
Sorry, may be I use too many words to explain the problem. I just tried to be 
more specific.

I run development. Everything (including Tomcat itself) is located in the same 
computer. Tomcat is configured to port 8888. 

I used "example" software provided by Tomcat and located in Tomcat webapps 
subdirectory. I just slightly modified it to scrutiny a little bit more on 
cookies. I added max age as input for a new cookie (sent from Tomcat to IE), and 
I displayed this field in a list of cookies (sent to Tomcat from IE). 

More specificaly: I created a new cookie with name, value and custom maximum 
age, and sent it to Tomcat as a parameter; I sent this cookie to IE as a cookie; 
next time when I created a new cookie the old one was available for me as a 
cookie and I displayed it on a screen to verify my entry. 
I noticed that max age was always displayed as -1 even though it was originally 
set to 60 and was treated by IE as 60 (cookie was disabled by IE in 60 seconds 
after it was created, as it is supposed to be).

Fiddler was usless, it did not see my transactions (probably because Tomcat and 
IE are located on the same computer). I used IE HTTP Analyzer v5.



This is my servlet:

import javax.servlet.http.HttpServlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.RequestDispatcher;
import java.util.ResourceBundle;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpSession;

public class CookieExampleIgor extends HttpServlet
 ResourceBundle rb = ResourceBundle.getBundle("LocalStrings");
 public void  doGet(
    HttpServletRequest request,
    HttpServletResponse response
   ) throws IOException, ServletException
  String cookieName;
  String cookieValue;
  int iMaxAge = -1;
  String sMaxAge;
  PrintWriter out = response.getWriter();
         String title = rb.getString("cookies.title");
         out.println("<title>" + title + "</title>");
  out.println("<form action=\"CookieExampleIgor\" method=\"post\">");
        out.println("<a href=\"../cookies.html\">");
        out.println("<img src=\"../images/code.gif\" height=24 " +
                    "width=24 align=right border=0 alt=\"view code\"></a>");
        out.println("<a href=\"../index.html\">");
        out.println("<img src=\"../images/return.gif\" height=24 " +
                    "width=24 align=right border=0 alt=\"return\"></a>");
        out.println("<h3>" + title + "</h3>");

  out.println("This is Igor\'s job while investigating cookies<br>");

  HttpSession hs = request.getSession(false);
  if ((request.getParameter("sessionreset") != null) && (hs != null))
   out.println("Session has been invalidated<br>");

  if ((request.getParameter("sessioncreate") != null) && (hs == null))
   hs = request.getSession();

  if(hs != null)
   out.println("Session ID: " + hs.getId() + "<br>");
   out.println("Session Max Inactive Interval: " + hs.getMaxInactiveInterval() + 
   out.println("Session ID: null<br>");

  cookieName = request.getParameter("cookiename");
  cookieValue = request.getParameter("cookievalue");
  sMaxAge = request.getParameter("maxage");

  if (request.getParameter("submitcookie") != null && cookieName != null &&

cookieValue != null 

    && cookieName != "" && cookieValue != ""
   if (sMaxAge != null)
     iMaxAge = Integer.decode(sMaxAge);
    catch (NumberFormatException e)
     sMaxAge += "; NumberFormatException; Default value is used " + iMaxAge;;
    sMaxAge = "Null value specified; Default value is used " + iMaxAge; 
   Cookie newCookie = new Cookie(cookieName, cookieValue); 
   newCookie.setMaxAge(iMaxAge);        // I set it to 60, and it was 60, IE 
disabled it in 60 secs
   out.println(rb.getString("cookies.set") + "</br>");
   out.println("Name:" + cookieName + "</br>");
   out.println("Value:" + cookieValue + "<br>");
   out.println("Max Age:" + sMaxAge);
  Cookie[] cookies = request.getCookies();
  if (cookies != null && cookies.length > 0) 
   out.println("<br>" + rb.getString("cookies.cookies"));
   for(int i = 0; i < cookies.length; i++)
    out.println("<br>Cookie name: " + cookies[i].getName());
    out.println("&nbsp;Cookie value: " + cookies[i].getValue()); 
    out.println("&nbsp;Max Age: " + cookies[i].getMaxAge());     // It is always

-1 on display
    out.println("&nbsp;Path: " + cookies[i].getPath()); 
   out.println("<br>" + rb.getString(""));

  out.println(rb.getString("cookies.make-cookie") + "<br>");
  out.println("Name:<input type = \"text\" name = \"cookiename\"><br>");
  out.println("Value:<input type = \"text\" name = \"cookievalue\"><br>");
  out.println("Max Age:<input type = \"text\" name = \"maxage\"><br>");
  out.println("<input type=\"submit\" name=\"sessionreset\" value=\"Session 
  out.println("<input type=\"submit\" name=\"sessioncreate\" value=\"Session 
  out.println("<input type=\"submit\" name=\"submitcookie\" value=\"Submit 

 public void  doPost(
    HttpServletRequest request,
    HttpServletResponse response
   ) throws IOException, ServletException
    request, response

From: Pid <>
To: Tomcat Users List <>
Sent: Tue, November 16, 2010 1:50:23 PM
Subject: Re: Tomcat 6.0.29 Cookie.getMaxAge() always returns -1 regardless of 
actual value of maximum age

On 16/11/2010 16:58, Igor Barkon wrote:
> I run Tomcat 6.0.29 on Windows XP and IE 8.0.6001.18702.
> I noticed that getMaxAge() method of any cookie always returns -1 even for 
> persistent cookie with real positive value of maximum age. IE treats this 
> correctly: cookie persists for amount of seconds specified by setMaxAge method. 
> But getMaxAge always return -1. Based on specification getMaxAge must return 
> actual value of maximum age of a given cookie, not default value. Is this a 

How are you coming to this conclusion?

What code are you using?

What is setting the cookie?

What happens in other browsers?

What are the values of the relevant headers (Set-Cookie:, Cookie:) if
you use a traffic inspection tool (Fiddler, Firebug, Chrome/Safari


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message