Change the Default MaxAge in Session #807

Radagaisus opened this Issue May 13, 2013 · 1 comment


None yet
2 participants


By default cookie.maxAge is null, meaning no "expires" parameter is set
so the cookie becomes a browser-session cookie. When the user closes the
browser the cookie (and session) will be removed.

I don't get this default. 99% of the applications are better off with a 14 days maxAge default. Especially with programmers' tendency to (1) never ever close the browser (2) never ever read the manual.


jonathanong commented Oct 12, 2013

it's the default so that (2) programmers will read the manual and because it's the least opinionated option. why 14 days? why not 28? or 30?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment