js-cookie: Support max-age attribute instead of expires

Now that we dropped support for old IEs we can start to support max-age. Should we replace expires or support both?

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 15 (13 by maintainers)

Most upvoted comments

I was about to send a PR for this, but it turns out that even recent versions of Internet Explorer do not support max-age as part of the document.cookie api. I probably misunderstood/misinterpreted the MDN compatibility table here, which is all about the Set-Cookie header. So IE starting with version 9 does understand a cookie header with Max-Age, but that’s it.

Here’s another extensive cookie compatibility reference table with proof: https://inikulin.github.io/cookie-compat/

A developer in need of max-age can always do: Cookies.set('foo', 'bar', { 'max-age': '3600'})

Closing 🤕

+3
carhartl on Oct 3, 2019

Hmmm, max-age is seductively simpler, both in implementation as well as usage. Since the value is the amount of seconds until the cookie expires, we wouldn’t even need to support both a number and a date. Just give us the cookie’s expected age in seconds as a number, that’s it. We wouldn’t even have to have any extra code handling this attribute any longer. We should replace expires with this, for all its simplicity, in v3.

+2
carhartl on Sep 11, 2019

“max-age” integrates with OAuth’s “expires_in” nicely too.

RE: https://tools.ietf.org/html/rfc6749#section-5.1

+1
jduhls on Oct 3, 2019

will result in less bytes to be sent over the wire

…in terms of the cookie string. It seems that the library itself will also be slightly smaller, but I need to see.

+1
carhartl on Sep 26, 2019
Read more comments on GitHub
← js-cookie: Running tests in Sauce Labs no longer working
js-cookie: Using js-cookie on third party sites / noConflict →