Set-Cookie: Expire property, clock skew and Internet Explorer issue

Question

There is a header Max-Age that allows to specify the expiration time of a cookie. Unfortunately Internet Explorer 6, 7, 8 and probably later do not support Max-Age and requi

Answer 1

If I had this sort of requirement I would manage the cookies in my application. Include a server-time expires timestamp in the content of the cookie, secure the cookie with encryption or a hash, and reject the cookie if the timestamp in the cookie has passed.

This is pretty much how auto-login cookie expiration is enforced.