I can\'t retrieve cookie maxage it always returns -1
Creating cookie:
Cookie securityCookie = new Cookie(\"sec\", \"somevalue\");
securityCookie.setMaxAg
The API says that -1 means until browser is running:
Returns the maximum age of the cookie, specified in seconds, By default, -1 indicating the cookie will persist until browser shutdown
What is the value of EXPIRATION_TIME constant?
When a browser sends a cookie back to the origin server, it doesn't include any age. So it is logical that your "retrieve" code above does not receive a max age: it is not included in the request.
When the cookie is received from the server, the browser uses the max age parameter to determine how long the cookie should be kept; the age is never communicated back to the server, an expired cookie is simply discarded. When processing a request, if you want to renew the age of the cookie, reinclude the cookie in the response.
Also see the section "Sending Cookies to the Origin Server" in the RFC.
Just for grins, can you retrieve the value of the cookie from the browser using javascript ?
Also, can you put a filter before your servlet/jsp so that you can check the value of the cookie after the servlet/jsp sets it ?
The value may be modified by the browser.
You create a cookie and want to set a max age. The cookie is sent to the browser. The browser may reject the cookie or ignore a max age too long for its policy. This modified cookie is sent back to your application.
Check your browser settings.