在会话期间Cookie是否过期？

Question

如果我的cookie设置为今天晚上7点过期，并且我在晚上6点30分开始会话，那么在该会话期间但在晚上7点之后发出的请求将包含cookie，因为会话结束或浏览器已将其删除时会将其删除？

Answer 1

是的，cookies可以在会话期间过期并且经常这样做。无论是在会话中，还是不在会话中，Cookies都会在到期时过期。如果服务器希望Cookie持续进行会话，它应该将Cookie重置为会话Cookie，或者将来设置更长的到期时间。

浏览器不应该发送任何已过期到服务器的cookie。

最大年龄=值
           可选：这是在RFC 2965（2000年10月），其中规定处理。的最大年龄属性的值是Δ-秒，
            cookie的以秒为单位的寿命，十进制非负
           整数。为了正确地处理高速缓存的cookie，客户端应根据年龄计算
           计算cookie的年龄
在HTTP/1.1规范[RFC2616]            规则。 当年龄比Δ-秒秒
           越大，客户端应该丢弃
           的cookie。值为零表示cookie应该被丢弃
             立即。

[强调]

，并说：

饼干已经过期应该被抛弃，因此不 转发到源服务器。

[强调]

本RFC通过2011年4月在该点是在适当位置从2000年10月，RFC 2965（2000年10月）中的溶液通过RFC 6265代替（2011年4月）。 RFC 6265改变了将过期的cookies从“应该”移除到“必须”的要求。RFC 6265说：

4. Server Requirements 
... 
4.1.2.1. The Expires Attribute 

    The Expires attribute indicates the maximum lifetime of the cookie, 
    represented as the date and time at which the cookie expires. The 
    user agent is not required to retain the cookie until the specified 
    date has passed. In fact, user agents often evict cookies due to 
    memory pressure or privacy concerns. 

4.1.2.2. The Max-Age Attribute 

    The Max-Age attribute indicates the maximum lifetime of the cookie, 
    represented as the number of seconds until the cookie expires. The 
    user agent is not required to retain the cookie for the specified 
    duration. In fact, user agents often evict cookies due to memory 
    pressure or privacy concerns. 

     NOTE: Some existing user agents do not support the Max-Age 
     attribute. User agents that do not support the Max-Age attribute 
     ignore the attribute. 

    If a cookie has both the Max-Age and the Expires attribute, the Max- 
    Age attribute has precedence and controls the expiration date of the 
    cookie. If a cookie has neither the Max-Age nor the Expires 
    attribute, the user agent will retain the cookie until "the current 
    session is over" (as defined by the user agent). 
... 
5. User Agent Requirements 
... 
5.2.1. The Expires Attribute 

    If the attribute-name case-insensitively matches the string 
    "Expires", the user agent MUST process the cookie-av as follows. 

    Let the expiry-time be the result of parsing the attribute-value as 
    cookie-date (see Section 5.1.1). 

    If the attribute-value failed to parse as a cookie date, ignore the 
    cookie-av. 

    If the expiry-time is later than the last date the user agent can 
    represent, the user agent MAY replace the expiry-time with the last 
    representable date. 
    If the expiry-time is earlier than the earliest date the user agent 
    can represent, the user agent MAY replace the expiry-time with the 
    earliest representable date. 

    Append an attribute to the cookie-attribute-list with an attribute- 
    name of Expires and an attribute-value of expiry-time. 

5.2.2. The Max-Age Attribute 

    If the attribute-name case-insensitively matches the string "Max- 
    Age", the user agent MUST process the cookie-av as follows. 

    If the first character of the attribute-value is not a DIGIT or a "-" 
    character, ignore the cookie-av. 

    If the remainder of attribute-value contains a non-DIGIT character, 
    ignore the cookie-av. 

    Let delta-seconds be the attribute-value converted to an integer. 

    If delta-seconds is less than or equal to zero (0), let expiry-time 
    be the earliest representable date and time. Otherwise, let the 
    expiry-time be the current date and time plus delta-seconds seconds. 

    Append an attribute to the cookie-attribute-list with an attribute- 
    name of Max-Age and an attribute-value of expiry-time. 
... 
5.3. Storage Model 
... 
    A cookie is "expired" if the cookie has an expiry date in the past. 

    The user agent MUST evict all expired cookies from the cookie store 
    if, at any time, an expired cookie exists in the cookie store. 

    At any time, the user agent MAY "remove excess cookies" from the 
    cookie store if the number of cookies sharing a domain field exceeds 
    some implementation-defined upper bound (such as 50 cookies). 

    At any time, the user agent MAY "remove excess cookies" from the 
    cookie store if the cookie store exceeds some predetermined upper 
    bound (such as 3000 cookies). 

    When the user agent removes excess cookies from the cookie store, the 
    user agent MUST evict cookies in the following priority order: 

    1. Expired cookies. 

    2. Cookies that share a domain field with more than a predetermined 
     number of other cookies. 

    3. All cookies. 

    If two cookies have the same removal priority, the user agent MUST 
    evict the cookie with the earliest last-access date first. 

    When "the current session is over" (as defined by the user agent), 
    the user agent MUST remove from the cookie store all cookies with the 
    persistent-flag set to false.