Error in cookie expiration date for Chrome

Jack picture Jack · Mar 1, 2017 · Viewed 11.9k times · Source

I am having problem with the cookie expiry date on Chrome. I set two cookies like this using ColdFusion:

<cfset thekey = generatesecretkey("DESEDE")>
<cfcookie name="cookie1" value="#Hash(userid&thekey,'SHA-256')#" httponly="true" >
<cfcookie name="cookie2" value="#thekey#" httponly="true" >

They have been working for a while. However, after the upgrade to ColdFusion 10 and working with Chrome, weird thing started to happen. It only happened with Chrome browser. Other browsers do not have this issue:

When these two cookies are set they both end up with an expiry date of Wednesday December 31, 1969 at 7:00:11 PM

This puzzled me greatly. I didn't set any expiry date as you can see. So the default is session only. They are supposed to expire at the end of user's session. My question is where is this date come from? Is it from the ColdFusion 10 server or Chrome? I am lost as to why this date is appearing on the cookie's Expires field in Chrome. With this expiry date, the cookies are considered expired already and won't work.

Answer

Konstantin Smolyanin picture Konstantin Smolyanin · Apr 4, 2018

For session cookies Chrome Dev Tools just show that strange expiration date which actually doesn't play any role.