2014-10-02 4 views
0

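Do cookies expire during a session?

If I set a cookie to expire at 7 PM today and a session starts at 6:30 PM, and a request is made during that session but after 7 PM, will the cookie be included, or will the browser already have deleted it?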

Answers

2

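Yes, cookies can expire during a session, and routinely do so. A cookie expires when it expires, regardless of whether it is in a session or not. If the server wants the cookie to persist through the session, it must either reset the cookie to be a session cookie or set a later expiration time.

The browser should not send expired cookies to the server.

This was addressed in RFC 2965 (October 2000), which states:

    Max-Age=value
        OPTIONAL. The value of the Max-Age attribute is delta-seconds,
        the lifetime of the cookie in seconds, a decimal non-negative
        integer. To handle cached cookies correctly, a client SHOULD
        calculate the age of the cookie according to the age calculation
        rules in the HTTP/1.1 specification [RFC2616]. When the age is
        greater than delta-seconds seconds, the client SHOULD discard the
        cookie. A value of zero means the cookie SHOULD be discarded
        immediately.

And it says [emphasis added]:

    Cookies that have expired should have been discarded and thus are
    not forwarded to the origin server.

This RFC was in effect from October 2000 to April 2011: RFC 2965 (October 2000) was obsoleted by RFC 6265 (April 2011). RFC 6265 changed the requirement to remove expired cookies from "SHOULD" to "MUST". RFC 6265 states: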

4. Server Requirements 
... 
4.1.2.1. The Expires Attribute 

    The Expires attribute indicates the maximum lifetime of the cookie, 
    represented as the date and time at which the cookie expires. The 
    user agent is not required to retain the cookie until the specified 
    date has passed. In fact, user agents often evict cookies due to 
    memory pressure or privacy concerns. 

4.1.2.2. The Max-Age Attribute 

    The Max-Age attribute indicates the maximum lifetime of the cookie, 
    represented as the number of seconds until the cookie expires. The 
    user agent is not required to retain the cookie for the specified 
    duration. In fact, user agents often evict cookies due to memory 
    pressure or privacy concerns. 

     NOTE: Some existing user agents do not support the Max-Age 
     attribute. User agents that do not support the Max-Age attribute 
     ignore the attribute. 

    If a cookie has both the Max-Age and the Expires attribute, the Max- 
    Age attribute has precedence and controls the expiration date of the 
    cookie. If a cookie has neither the Max-Age nor the Expires 
    attribute, the user agent will retain the cookie until "the current 
    session is over" (as defined by the user agent). 
... 
5. User Agent Requirements 
... 
5.2.1. The Expires Attribute 

    If the attribute-name case-insensitively matches the string 
    "Expires", the user agent MUST process the cookie-av as follows. 

    Let the expiry-time be the result of parsing the attribute-value as 
    cookie-date (see Section 5.1.1). 

    If the attribute-value failed to parse as a cookie date, ignore the 
    cookie-av. 

    If the expiry-time is later than the last date the user agent can 
    represent, the user agent MAY replace the expiry-time with the last 
    representable date. 
    If the expiry-time is earlier than the earliest date the user agent 
    can represent, the user agent MAY replace the expiry-time with the 
    earliest representable date. 

    Append an attribute to the cookie-attribute-list with an attribute- 
    name of Expires and an attribute-value of expiry-time. 

5.2.2. The Max-Age Attribute 

    If the attribute-name case-insensitively matches the string "Max- 
    Age", the user agent MUST process the cookie-av as follows. 

    If the first character of the attribute-value is not a DIGIT or a "-" 
    character, ignore the cookie-av. 

    If the remainder of attribute-value contains a non-DIGIT character, 
    ignore the cookie-av. 

    Let delta-seconds be the attribute-value converted to an integer. 

    If delta-seconds is less than or equal to zero (0), let expiry-time 
    be the earliest representable date and time. Otherwise, let the 
    expiry-time be the current date and time plus delta-seconds seconds. 

    Append an attribute to the cookie-attribute-list with an attribute- 
    name of Max-Age and an attribute-value of expiry-time. 
... 
5.3. Storage Model 
... 
    A cookie is "expired" if the cookie has an expiry date in the past. 

    The user agent MUST evict all expired cookies from the cookie store 
    if, at any time, an expired cookie exists in the cookie store. 

    At any time, the user agent MAY "remove excess cookies" from the 
    cookie store if the number of cookies sharing a domain field exceeds 
    some implementation-defined upper bound (such as 50 cookies). 

    At any time, the user agent MAY "remove excess cookies" from the 
    cookie store if the cookie store exceeds some predetermined upper 
    bound (such as 3000 cookies). 

    When the user agent removes excess cookies from the cookie store, the 
    user agent MUST evict cookies in the following priority order: 

    1. Expired cookies. 

    2. Cookies that share a domain field with more than a predetermined 
     number of other cookies. 

    3. All cookies. 

    If two cookies have the same removal priority, the user agent MUST 
    evict the cookie with the earliest last-access date first. 

    When "the current session is over" (as defined by the user agent), 
    the user agent MUST remove from the cookie store all cookies with the 
    persistent-flag set to false. 
+0

Thank you!
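
The expiry rules quoted from RFC 6265 above, worked through for the timeline in the question. This is an added example, not part of the original answer and not a browser API: the names `expiryTime`, `CookieStore` and `questionScenario`, the cookie names and the dates are all constructed, and `Date.parse` stands in for the cookie-date parser of section 5.1.1.

```javascript
// Added illustration of RFC 6265 sections 5.2.1, 5.2.2 and 5.3; all names are hypothetical.
const EARLIEST = new Date(0); // stand-in for "earliest representable date"

// Return the expiry-time for a cookie, or null for a session cookie.
function expiryTime(attrs, now) {
  const maxAge = attrs['max-age'];
  // 5.2.2: ignore Max-Age unless it is DIGITs with an optional leading "-".
  if (maxAge !== undefined && /^-?\d+$/.test(maxAge)) {
    const delta = parseInt(maxAge, 10);
    // Max-Age takes precedence over Expires; <= 0 means already expired.
    return delta <= 0 ? EARLIEST : new Date(now.getTime() + delta * 1000);
  }
  if (attrs.expires !== undefined) {
    // Date.parse stands in for the cookie-date algorithm of section 5.1.1.
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) return new Date(t); // unparsable: ignore the attribute
  }
  return null; // neither attribute: kept until the session is over
}

class CookieStore {
  constructor() { this.cookies = new Map(); }
  set(name, value, attrs, now) {
    this.cookies.set(name, { value, expiry: expiryTime(attrs, now) });
  }
  // 5.3: a cookie is expired if its expiry date is in the past; evict all of them.
  evictExpired(now) {
    for (const [name, c] of this.cookies) {
      if (c.expiry !== null && c.expiry < now) this.cookies.delete(name);
    }
  }
  // Cookie header for a request made at `now`; expired cookies are never sent.
  cookieHeader(now) {
    this.evictExpired(now);
    return [...this.cookies].map(([n, c]) => `${n}=${c.value}`).join('; ');
  }
}

// Constructed timeline matching the question: session starts 18:30, cookie expires 19:00.
function questionScenario() {
  const at = (hhmm) => new Date(`2014-10-02T${hhmm}:00Z`);
  const store = new CookieStore();
  store.set('pref', 'a', { expires: 'Thu, 02 Oct 2014 19:00:00 GMT' }, at('18:30'));
  store.set('sid', 'xyz', {}, at('18:30'));
  store.set('short', 'b', { 'max-age': '600', expires: 'Fri, 03 Oct 2014 19:00:00 GMT' }, at('18:30'));
  return [at('18:35'), at('18:45'), at('19:05')].map((t) => store.cookieHeader(t));
}
```

The `short` cookie disappears after ten minutes even though its Expires date is a day later, because Max-Age wins, and only the session cookie `sid` is still sent after 19:00. A server that ties authentication to a persistent cookie therefore has to refresh it before expiry or expect requests mid-session to arrive without it.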