Allow null as expires value in Cookie #317

tidbeck · 2025-02-06T16:05:09Z

The Cookie definition do not allow null as value for expires.

On mdn web docs, regarding expires: "If unspecified, the cookie becomes a session cookie. A session finishes when the client shuts down, after which the session cookie is removed."

Environment

macOS Sequoia 15.1
Chrome Version 133.0.6943.54 (Official Build) (arm64)

Steps to reproduce:

Goto https://x.com
Click "Sign in"

Output from protocol monitor

{
    "requestId": "68659.140",
    "blockedCookies": [
        {
            "blockedReasons": [
                "SameSiteUnspecifiedTreatedAsLax"
            ],
            "cookieLine": "fm=0; Max-Age=0; Expires=Thu, 06 Feb 2025 15:50:45 GMT; Path=/; Domain=.twitter.com; Secure; HTTPOnly",
            "cookie": {
                "name": "fm",
                "value": "0",
                "domain": ".twitter.com",
                "path": "/",
                "expires": null,
                "size": 3,
                "httpOnly": true,
                "secure": true,
                "session": false,
                "priority": "Medium",
                "sameParty": false,
                "sourceScheme": "Secure",
                "sourcePort": 443
            }
        },
        {
            "blockedReasons": [
                "SameSiteUnspecifiedTreatedAsLax"
            ],
            "cookieLine": "_twitter_sess=BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCPvd9NuUAToMY3NyZl9p%250AZCIlYmMzZDEyNjNkZTA1ZjhhN2ZhOGQ5YzljZWI1NGZmNDg6B2lkIiViNzVk%250AZjZlMzUwNTQ1NDczNjU1ZWExOTM3MjliZGEyMQ%253D%253D--69134484a5d7ee7cf9914a14208fdcbd1b0f21a4; Path=/; Domain=.twitter.com; Secure; HTTPOnly",
            "cookie": {
                "name": "_twitter_sess",
                "value": "BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCPvd9NuUAToMY3NyZl9p%250AZCIlYmMzZDEyNjNkZTA1ZjhhN2ZhOGQ5YzljZWI1NGZmNDg6B2lkIiViNzVk%250AZjZlMzUwNTQ1NDczNjU1ZWExOTM3MjliZGEyMQ%253D%253D--69134484a5d7ee7cf9914a14208fdcbd1b0f21a4",
                "domain": ".twitter.com",
                "path": "/",
                "expires": -1,
                "size": 298,
                "httpOnly": true,
                "secure": true,
                "session": true,
                "priority": "Medium",
                "sameParty": false,
                "sourceScheme": "Secure",
                "sourcePort": 443
            }
        }
    ],
    "headers": {
        "cache-control": "no-cache, no-store, must-revalidate, pre-check=0, post-check=0",
        "content-encoding": "gzip",
        "content-length": "2178",
        "content-type": "text/javascript; charset=utf-8",
        "date": "Thu, 06 Feb 2025 15:50:45 GMT",
        "expires": "Tue, 31 Mar 1981 05:00:00 GMT",
        "last-modified": "Thu, 06 Feb 2025 15:50:45 GMT",
        "perf": "7402827104",
        "pragma": "no-cache",
        "server": "tsa_o",
        "set-cookie": "fm=0; Max-Age=0; Expires=Thu, 06 Feb 2025 15:50:45 GMT; Path=/; Domain=.twitter.com; Secure; HTTPOnly\n_twitter_sess=BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCPvd9NuUAToMY3NyZl9p%250AZCIlYmMzZDEyNjNkZTA1ZjhhN2ZhOGQ5YzljZWI1NGZmNDg6B2lkIiViNzVk%250AZjZlMzUwNTQ1NDczNjU1ZWExOTM3MjliZGEyMQ%253D%253D--69134484a5d7ee7cf9914a14208fdcbd1b0f21a4; Path=/; Domain=.twitter.com; Secure; HTTPOnly",
        "status": "200 OK",
        "strict-transport-security": "max-age=631138519",
        "x-connection-hash": "2eee7887aa35e7540e89c05a16aa056e91bec7937cc9168080f1e54b10eaa9ab",
        "x-content-type-options": "nosniff",
        "x-frame-options": "",
        "x-response-time": "106",
        "x-transaction": "b524156b1768f48a",
        "x-transaction-id": "b524156b1768f48a",
        "x-twitter-response-tags": "BouncerExempt\nBouncerCompliant",
        "x-xss-protection": "0"
    },
    "resourceIPAddressSpace": "Public",
    "statusCode": 200,
    "cookiePartitionKey": {
        "topLevelSite": "https://x.com",
        "hasCrossSiteAncestor": true
    },
    "cookiePartitionKeyOpaque": false,
    "exemptedCookies": []
}

The text was updated successfully, but these errors were encountered:

See ChromeDevTools/devtools-protocol#317 Resolves: #494

tidbeck mentioned this issue Feb 6, 2025

JsonDecodingException when Cookie.expires is null joffrey-bion/chrome-devtools-kotlin#494

Closed

joffrey-bion added a commit to joffrey-bion/chrome-devtools-kotlin that referenced this issue Feb 9, 2025

Add workaround for optional Cookie.expired field

2194ce8

See ChromeDevTools/devtools-protocol#317 Resolves: #494

joffrey-bion added a commit to joffrey-bion/chrome-devtools-kotlin that referenced this issue Feb 10, 2025

Add workaround for optional Cookie.expired field

ffdbaac

See ChromeDevTools/devtools-protocol#317 Resolves: #494

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow null as expires value in Cookie #317

Allow null as expires value in Cookie #317

tidbeck commented Feb 6, 2025

Allow null as expires value in Cookie #317

Allow null as expires value in Cookie #317

Comments

tidbeck commented Feb 6, 2025

Environment

Steps to reproduce:

Output from protocol monitor