Setting persistent cookie from Java doesn't work in IE

All,

Although I see related topics on the fo开发者_C百科rum, but I don't see a clear solution on this issue. I am trying to set a javax.servlet.http.Cookie with an expiration time (so that it persists across browser sessions). Code:

public void respond(HttpServletRequest req, HttpServletResponse resp) {
    int expiration = 3600;
    Cookie cookie = new Cookie("TestCookie", "xyz");
    cookie.setDomain("");
    cookie.setVersion(0);
    cookie.setPath("/");
    cookie.setMaxAge(expiration);
    cookie.setSecure(false);
    resp.addCookie(cookie);
}

I don't see this cookie being set when I check in IE developer tools. Searching on the internet gave me clues that IE doesn't consider Max-Age, but only works with Expires. If this does not work for IE, then is there a proven way of setting the HTTP response headers for a persistent cookie so that it works for IE?

PS: This works fine on all other browsers.

I tried creating a string for the cookie having expires attribute. IE succeeded in creating it, but it lost the domain (default - "") and showed ".com" and turned it into a session cookie instead of a persistent cookie. This again works fine on all other browsers.

Please help. Thanks.

Working with IE9, I found that it was the HttpOnly attribute that was required in order to get it to echo the cookie value on subsequent posts, e.g:

Set-Cookie: autologCk1=ABCD; Path=/autolog/; HttpOnly

The answer is at Persistent cookies from a servlet in IE.

Your case may be a different flavour of the same issue: that is, by prefixing the domain with a "." (which I'm pretty sure is a version 1 cookie feature), something in the Java stack decides it's a version 1 cookie (unrecognized and not persisted by IE, even IE8) and sends that cookie format.

Or, as that answer suggests, is there something in your cookie value that contains an unrecognized character?

As javax.servlet.http.Cookie does not allow you to set Expires attribute to the cookie, you should set it manually.

You also need to know that Expires must be specified in the form of Wdy, DD Mon YYYY HH:MM:SS GMT following RFC-2616 Full Date section (more info).

In Java you can do it this way:

public void respond(HttpServletRequest req, HttpServletResponse resp) {
    int expiration = 3600;
    StringBuilder cookie = new StringBuilder("TestCookie=xyz; ");

    DateFormat df = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss 'GMT'", Locale.US);
    Calendar cal = Calendar.getInstance();
    cal.add(Calendar.SECOND, 3600);
    cookie.append("Expires=" + df.format(cal.getTime()) + "; ");

    cookie.append("Domain=; ");
    cookie.append("Version=0; ");
    cookie.append("Path=/; ");
    cookie.append("Max-Age=" + expiration + "; ");
    cookie.append("Secure; ");
    resp.setHeader("Set-Cookie", cookie.toString());
}