ASP.NET - What happens when a HttpCookie expiration has been crossed
I am creating some cookies in my ASP.NET application. These cookies expire 10 minutes after they have been created. I follow the approach described on MSDN as shown here: http://msdn.microsoft.com/en-us/library/system.web.httpcookie.expires.aspx
My question is, when a cookie "expires", what happens? Does the browser automatically delete the cookie? Is it our responsibility as developers to remove the cookies if they exist and have expired?
Thank you,
Does the browser automatically delete the cookie?
Yes - or earlier if the user wants to.
Is it our responsibility as developers to remove the cookies if they exist and have expired?
No - it's the browser's responsibility.
You should only worry about setting the expiration; the client handles the rest.
You should not rely on the browser to delete old cookies. The browser will delete cookies by comparing the expiration date to the time on the client PC, not the server. So if you're setting the expiration server side for 30 minutes from now, but the client has their clock 1 year behind, then the client's browser won't delete the cookie for another year and 30 minutes.
Always check the expiration server-side before authorizing the request!
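One way to do the server-side check from the last answer, as an added example that is not part of the original question or answers. The browser sends back only the cookie's name and value, never its Expires attribute, so the expiry has to travel inside the value and be protected against tampering. The class and method names, the `|`-separated layout and the per-process random key are assumptions made for this sketch.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; ExpiringToken, Issue and IsValid are hypothetical names.
public static class ExpiringToken
{
    // Assumption: a real deployment loads a stable key from protected configuration.
    private static readonly byte[] Key = new byte[32];
    static ExpiringToken() { using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(Key); }

    // Cookie value: "<userId>|<expiryUtcTicks>|<base64 HMAC-SHA256>". userId must not contain '|'.
    public static string Issue(string userId, TimeSpan lifetime, DateTime nowUtc)
    {
        string payload = userId + "|" + nowUtc.Add(lifetime).Ticks;
        return payload + "|" + Convert.ToBase64String(Sign(payload));
    }

    // Uses only the server's clock (nowUtc); the cookie's Expires attribute is never consulted.
    public static bool IsValid(string cookieValue, DateTime nowUtc, out string userId)
    {
        userId = null;
        string[] parts = (cookieValue ?? "").Split('|');
        long ticks;
        if (parts.Length != 3 || !long.TryParse(parts[1], out ticks)) return false;
        byte[] mac;
        try { mac = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; }
        // Verify integrity first, so a client cannot extend its own expiry.
        if (!FixedTimeEquals(mac, Sign(parts[0] + "|" + parts[1]))) return false;
        if (nowUtc.Ticks >= ticks) return false; // expired by server time
        userId = parts[0];
        return true;
    }

    private static byte[] Sign(string payload)
    {
        using (var h = new HMACSHA256(Key)) return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Call `IsValid` with the request cookie's value and `DateTime.UtcNow` before authorizing, and reject the request when it returns false.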