From cfbbe11619b50552c387e4283cf408b8655d5445 Mon Sep 17 00:00:00 2001
From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Tue, 23 Dec 2008 13:14:42 +0000
Subject: [PATCH] Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46403
 By default, always send the expires parameter with cookies to fix know IE6
 and IE 7 issue. I don't like doing this but I can't see a better way.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@728947 13f79535-47bb-0310-9956-ffa450edef68
---
 java/org/apache/tomcat/util/http/ServerCookie.java | 17 ++++++++++++-----
 webapps/docs/config/systemprops.xml                |  9 +++++++++
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/tomcat/util/http/ServerCookie.java b/java/org/apache/tomcat/util/http/ServerCookie.java
index e3a1595e3..b1662200f 100644
--- a/java/org/apache/tomcat/util/http/ServerCookie.java
+++ b/java/org/apache/tomcat/util/http/ServerCookie.java
@@ -73,6 +73,11 @@ public class ServerCookie implements Serializable {
     public static final boolean STRICT_SERVLET_COMPLIANCE =
         Boolean.valueOf(System.getProperty("org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "false")).booleanValue();
 
+    /**
+     * If set to false, we don't use the IE6/7 Max-Age/Expires work around
+     */
+    public static final boolean ALWAYS_ADD_EXPIRES =
+        Boolean.valueOf(System.getProperty("org.apache.tomcat.util.http.ServerCookie.ALWAYS_ADD_EXPIRES", "true")).booleanValue();
 
     // Note: Servlet Spec =< 2.5 only refers to Netscape and RFC2109,
     // not RFC2965
@@ -282,7 +287,13 @@ public class ServerCookie implements Serializable {
         // Max-Age=secs ... or use old "Expires" format
         // TODO RFC2965 Discard
         if (maxAge >= 0) {
-            if (version == 0) {
+            if (version > 0) {
+                buf.append ("; Max-Age=");
+                buf.append (maxAge);
+            }
+            // IE6, IE7 and possibly other browsers don't understand Max-Age.
+            // They do understand Expires, even with V1 cookies!
+            if (version == 0 || ALWAYS_ADD_EXPIRES) {
                 // Wdy, DD-Mon-YY HH:MM:SS GMT ( Expires Netscape format )
                 buf.append ("; Expires=");
                 // To expire immediately we need to set the time in past
@@ -295,10 +306,6 @@ public class ServerCookie implements Serializable {
                                         maxAge*1000L),
                                 buf, new FieldPosition(0));
                     }
-
-            } else {
-                buf.append ("; Max-Age=");
-                buf.append (maxAge);
             }
         }
 
diff --git a/webapps/docs/config/systemprops.xml b/webapps/docs/config/systemprops.xml
index 41bb7c54c..1cc86ea36 100644
--- a/webapps/docs/config/systemprops.xml
+++ b/webapps/docs/config/systemprops.xml
@@ -247,6 +247,15 @@
       default value of <code>false</code> will be used.</p>
     </property>
 
+    <property
+    name="org.apache.tomcat.util.http. ServerCookie.ALWAYS_ADD_EXPIRES">
+      <p>If this is <code>true</code> Tomcat will always add an expires
+      parameter to a SetCookie header even for cookies with version greater than
+      zero. This is to work around a known IE6 and IE7 bug that causes IE to
+      ignore the Max-Age parameter in a SetCookie header.If not specified, the
+      default value of <code>true</code> will be used.</p>
+    </property>
+
   </properties>
 
 </section>
-- 
2.11.0