I am writing a bachelor thesis about web visitor tracking, and therefore HTTP cookies are an important part of it. Are there “natural” restrictions regarding maximum expire time, max age, …? I read that the expire number is a Unix timestamp (32-bit), and so it should work until 2038. On the other hand, it’s supposed that modern browsers use a 64-bit number to store it.
I tried to set an extremely high value (Chromium/Linux).
Warning: Expiry date cannot have a year greater then 9999 in [...]
But other browsers tend to implement different ranges – are there any W3C recommendations?
What is the most common average expire time? Do you know of any studies or papers? I wasn’t able to find any, but this is such a popular topic…
RFC 6265 defines Cookies, so if we look at section 5.2.1, we see:
Dates are not sent as unix timestamps but as the representation defined in section 5.1.1 which only specifies a lower bound: the year 1601.
So this leaves the upper bound for the expiry date to the browser. Most browsers will use their OS’s underlying date utilities (or glibc, respectively), so their constraints will apply (which should mostly be 64-bit capable by now). To get a definite answer, you might have to check the various browser implementations.
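
As an added example (not part of the answer above and not taken from any browser), here is a JavaScript sketch of the cookie-date algorithm in RFC 6265 section 5.1.1. The name `parseCookieDate` and the sample strings are constructed for illustration, and trailing non-digit text after a numeric token is treated as optional. It shows the 1601 lower bound, the two-digit year mapping, and that the grammar's year token is two to four digits, so a five-digit year in an Expires value is not recognised as a year at all.

```javascript
// Added example: cookie-date parsing following RFC 6265 section 5.1.1.
// Delimiters from the RFC: %x09 / %x20-2F / %x3B-40 / %x5B-60 / %x7B-7E (":" is not one).
const DELIM = /[\x09\x20-\x2F\x3B-\x40\x5B-\x60\x7B-\x7E]+/;
const MONTHS = ["jan", "feb", "mar", "apr", "may", "jun",
                "jul", "aug", "sep", "oct", "nov", "dec"];

function parseCookieDate(value) {
  let time, day, month, year;
  // Each token is tried against time, day-of-month, month, year, in that order;
  // the first production that has not been filled yet and matches wins.
  for (const tok of value.split(DELIM).filter(Boolean)) {
    let m;
    if (!time && (m = /^(\d{1,2}):(\d{1,2}):(\d{1,2})(?:\D.*)?$/.exec(tok))) {
      time = m.slice(1, 4).map(Number);
    } else if (day === undefined && (m = /^(\d{1,2})(?:\D.*)?$/.exec(tok))) {
      day = Number(m[1]);
    } else if (month === undefined && MONTHS.includes(tok.slice(0, 3).toLowerCase())) {
      month = MONTHS.indexOf(tok.slice(0, 3).toLowerCase());
    } else if (year === undefined && (m = /^(\d{2,4})(?:\D.*)?$/.exec(tok))) {
      year = Number(m[1]); // 2*4DIGIT: "10000" does not match this production
    }
  }
  if (!time || day === undefined || month === undefined || year === undefined) return null;
  if (year >= 70 && year <= 99) year += 1900;      // two-digit years 70-99
  else if (year >= 0 && year <= 69) year += 2000;  // two-digit years 00-69
  const [h, min, sec] = time;
  if (day < 1 || day > 31 || year < 1601 || h > 23 || min > 59 || sec > 59) return null;
  const d = new Date(Date.UTC(year, month, day, h, min, sec));
  // Reject calendar dates that do not exist, e.g. 31 Feb.
  if (d.getUTCDate() !== day || d.getUTCMonth() !== month) return null;
  return d;
}

// Constructed sample Expires values.
const SAMPLES = [
  "Wed, 09 Jun 2021 10:18:14 GMT",
  "Sunday, 06-Nov-94 08:49:37 GMT",
  "Fri, 31 Dec 9999 23:59:59 GMT",
  "Mon, 01 Jan 1600 00:00:00 GMT",
  "Sat, 01 Jan 10000 00:00:00 GMT",
];
for (const s of SAMPLES) {
  const d = parseCookieDate(s);
  console.log(s, "=>", d ? d.toISOString() : "rejected");
}
```

Whether a browser then stores or clamps a far-future result is outside this algorithm and has to be checked per implementation.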