Expect-cf problem with max age limit

Hello Cloudflare,
I am trying to send a support ticket but it's not possible.
We have a problem with the expect-cf cookie, which is limiting our cookie time to 1 year.
We need to make sure Cloudflare removes this limitation for our cookies on our domains.
Kind Regards!

What cookie exactly are you having issues with?

I’m not aware of any expect-cf cookie added by Cloudflare.

1 Like

Hello KianNH,
Cloudflare is limiting my cookies' expiration date to a max limit of 1 year.

I need to make sure that we can add cookie time with unlimited limit.
Kind Regards

That’s a header not a cookie. So all good.

1 Like

Hello there,
I will create a test file so you can understand more.
dragonorders(dot)com(slash)test.php
The code inside looks like this:

<?php
echo "current time-".time();
setcookie('TEST', '1', time() + (86400 * 30 * 12 * 3), '/', $_SERVER['HTTP_HOST']);
?>

This should make the cookie expire after 3 years, but it doesn't; it expires after 1 year, as Cloudflare is limiting the cookie expiry date to max 1 year. You can test it yourself.
Kind Regards!

Probably not Cloudflare… I don’t see anything about an expect-cf header having anything to do with site cookies in the documentation for that header.

More likely being enforced by the browser…

curl -Ik https://dragonorders.com/test.php
HTTP/2 200
date: Fri, 02 Sep 2022 18:13:55 GMT
content-type: text/html; charset=UTF-8
set-cookie: TEST=1; expires=Sun, 17-Aug-2025 18:13:55 GMT; Max-Age=93312000; path=/; domain=dragonorders.com

A 3 year cookie is returned via curl.

2 Likes

The user agent MUST limit the maximum value of the Max-Age attribute. The limit SHOULD NOT be greater than 400 days (34560000 seconds) in duration. The RECOMMENDED limit is 400 days in duration, but the user agent MAY adjust the limit (see Section 7.2). Max-Age attributes that are greater than the limit MUST be reduced to the limit.

As Chris mentioned, this is a limitation added by browsers as per specification.

2 Likes
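
As an added example (not part of the thread, and not Cloudflare's or any browser's code), the sketch below models what a user agent applying the quoted 400-day rule would store for the Set-Cookie header seen in the curl output. The function names are hypothetical, and it assumes the same cap is applied to a lifetime derived from Expires.

```javascript
// Added example; function names are hypothetical, sample header is from the curl output above.
const MAX_AGE_LIMIT_S = 400 * 24 * 60 * 60; // 34560000 seconds, the limit in the quoted text

// Split "name=value; Attr=val; Flag" into the cookie pair and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  const name = eq === -1 ? '' : pair.slice(0, eq);
  return { name, value: pair.slice(eq + 1), attrs };
}

// Lifetime in seconds that a user agent enforcing the limit would store, counted from nowMs.
// stored === null means a session cookie; stored === 0 means the cookie expires at once.
function effectiveLifetime(header, nowMs) {
  const { attrs } = parseSetCookie(header);
  let requested = null;
  if (typeof attrs['max-age'] === 'string' && /^-?\d+$/.test(attrs['max-age'])) {
    requested = Number(attrs['max-age']); // Max-Age takes precedence over Expires
  } else if (typeof attrs.expires === 'string') {
    // Normalise "17-Aug-2025" to "17 Aug 2025" so Date.parse accepts it.
    const t = Date.parse(attrs.expires.replace(/-/g, ' '));
    if (!Number.isNaN(t)) requested = Math.floor((t - nowMs) / 1000);
  }
  if (requested === null) return { requested, stored: null, clamped: false };
  // Assumption: the same cap is applied to a lifetime derived from Expires.
  const stored = Math.max(0, Math.min(requested, MAX_AGE_LIMIT_S));
  return { requested, stored, clamped: requested > MAX_AGE_LIMIT_S };
}

// Constructed check using the response shown in the thread.
const sampleHeader = 'TEST=1; expires=Sun, 17-Aug-2025 18:13:55 GMT; Max-Age=93312000; path=/; domain=dragonorders.com';
const sampleNow = Date.parse('Fri, 02 Sep 2022 18:13:55 GMT');
console.log(effectiveLifetime(sampleHeader, sampleNow));
```

The server's 93312000-second request survives transit unchanged, which is why curl shows it; the reduction to 34560000 seconds happens only when a browser enforcing the limit stores the cookie.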

Hello guys,
Thanks a lot for your answers. Do you know from which Chrome version this cookie update applies? So we can no longer set a cookie expiration date higher than 400 days; is there any other way?
Thank you!
