accountdb cookie is a session cookie, should have expiry set.

[jrgm]

This should probably have an expiration equal to the expiration embedded in the client-sessions cookie.

Set-Cookie: accountdb=kljfaoiueowiur...jofiasudfou; path=/; secure; httponly

[ozten]

Interesting. This bug applies to both our session and accountdb cookies.

It probably hasn't been a problem in production for session, since we reset the cookie as soon as possible.

Great catch!

[jrgm]

Cookies are now returned on the appropriate requests with 'expires' set to match the expiry embedded in the cookie.

Set-Cookie: session=FBT...cJb4.1367009493164.86400000.w7D...w64; path=/; expires=Sat, 27 Apr 2013 20:51:33 GMT; secure; httponly
Set-Cookie: accountdb=_j9...ENA.1367009671298.31536000000.G2s...wpg; path=/; expires=Sat, 26 Apr 2014 20:54:31 GMT; secure; httponly