DEV Community

Daniel Waller (he/him)

Cookie Expiry Pitfalls

I just stumbled upon some browser behavior regarding cookies that seemed very strange to me but turned out to be actually pretty obvious and well documented.
I thought I'd share what I've learned just in case some of you might not have come across this either.

Session Cookie Expiry

This one should be pretty straightforward, right? Omitting the Expires attribute will result in a cookie that is deleted when a user ends the session, i.e. closes the browser.
Except, as MDN will inform you, when the user has set their browser to restore the previous session on startup: then the session cookie is restored along with it.

[Screenshot: the Firefox settings start page with the 'Restore previous session' option checked]

If you are like me and carry around 100+ open tabs at all times, chances are you'll have this setting activated.

Chrome also has this feature of course.

While this is nothing new, it had never manifested itself as a problem for me until now... and it's easy to forget about when conceptualizing cookie use. So be warned.

👻 Timezones 👻

So you set an expiry date on your cookie, hm? Would be a shame if you didn't think about the possible discrepancies between your server's timezone and the browser using your site 😈
Again, as MDN explains:

"When an expiry date is set, the time and date set is relative to the client the cookie is being set on, not the server."

This is fairly obvious when you think about it but something that is easily missed when thinking about setting cookies.

So there you have it. Two small details about setting cookies on server responses that could easily be missed and could lead to data being stored on a client for much longer than you intended.

Additionally this can become a fun source of obscure bugs that will manifest themselves with some classic "works on my machine 🤷" behavior in the future.
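
A server-side lifetime check that covers both pitfalls above, as an added example that is not part of the original post: the cookie carries Max-Age instead of an absolute Expires date, and the server re-checks a signed issue timestamp against its own clock on every request. The cookie name `sid`, the signing key and the 30-minute lifetime are assumptions made for the example.

```python
import hashlib
import hmac
from http.cookies import CookieError, SimpleCookie

SECRET = b"constructed-demo-key"  # assumption: placeholder; load a real key from a secret store
MAX_AGE = 1800                    # assumption: 30-minute session lifetime, in seconds


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(session_id: str, now: float) -> str:
    """Build a Set-Cookie value; session_id must not contain '.'."""
    payload = f"{session_id}.{int(now)}"
    cookie = SimpleCookie()
    cookie["sid"] = f"{payload}.{_sign(payload)}"
    # Max-Age is a relative number of seconds, so there is no absolute date
    # for the client clock to interpret. It is still only a hint to the browser.
    cookie["sid"]["max-age"] = MAX_AGE
    cookie["sid"]["path"] = "/"
    cookie["sid"]["secure"] = True
    cookie["sid"]["httponly"] = True
    return cookie["sid"].OutputString()


def validate_cookie(cookie_header: str, now: float):
    """Return the session id, or None if malformed, forged or older than MAX_AGE."""
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header)
    except CookieError:
        return None
    if "sid" not in cookie:
        return None
    parts = cookie["sid"].value.split(".")
    if len(parts) != 3:
        return None
    session_id, issued, mac = parts
    expected = _sign(f"{session_id}.{issued}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    # The server clock decides: a cookie the browser kept (session restore,
    # wrong client time) is rejected once it is too old.
    if not issued.isdigit() or now - int(issued) > MAX_AGE:
        return None
    return session_id
```

Passing `now` explicitly keeps the check testable; in a request handler it would be the server's `time.time()`.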

Happy coding! :)
