Quick Answer:
Expires sets an expiry date for when a cookie gets deleted
Max-age sets the time in seconds for when a cookie will be deleted (use this, it’s no longer 2009)
- Internet Explorer (ie6, ie7, and ie8) does not support “max-age”, while (mostly) all browsers support expires
Max-age vs Expires, let’s dive in a little deeper:
The expires parameter was part of the original cookies baked up by Netscape. In HTTP version 1.1, expires was deprecated and replaced with the easier-to-use max-age: instead of having to specify a date, you can just say how long the cookie can live. By setting either of these, the cookie will persist until its time runs out; otherwise, if you set neither, the cookie will last until you close your browser (a “session cookie”).
Setting a cookie for “foo=bar” to last 5 minutes, using expires:

    var d = new Date();
    d.setTime(d.getTime() + 5 * 60 * 1000); // in milliseconds
    // toUTCString() produces the GMT date string the expires attribute expects
    document.cookie = 'foo=bar;path=/;expires=' + d.toUTCString() + ';';

And the same with max-age:

    document.cookie = 'foo=bar;path=/;max-age=' + 5 * 60 + ';'; // in seconds

Unfortunately, none of the current versions of Internet Explorer support max-age, so if you want proper cookie persistence cross-browser, then stick to expires.
Let’s open this up to some fake Q&A…
Q. What if I set both expires and max-age in a cookie?
A. Every browser that supports max-age will ignore the expires regardless of its value, and likewise, Internet Explorer will ignore the max-age and just use expires.
Q. What if I set just max-age in a cookie?
A. Every browser, except Internet Explorer, uses it properly. In Internet Explorer it will be a session cookie (it will be deleted when you close your browser).
Q. What if I set just expires in a cookie?
A. Every browser uses and persists it properly, just remember to set it in GMT time as seen in the example above.
Q. Where did you get these facts from?
A. I wrote a cookie persistence test page and tested it out on IE6, IE7, IE8, FF2, FF3, Safari 4, Google Chrome, and Opera 9.6. Let me know if you try it out on any other browsers or see anything contradictory.
Q. What’s the moral of this story?
A. If you care about your cookies functioning properly for a huge percentage of web users (65.66%), don’t persist your cookies “the right way” according to spec (max-age), persist them the way that works (expires).
A. UPDATE: just use Max-Age, the web has improved since this was written.
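
The precedence rules from the Q&A above, modelled as an added example (not code from the original post): it shows that a cookie whose max-age and expires disagree lives for a different time depending on the client, and that deriving both from one lifetime avoids that. The names buildCookie, effectiveExpiry, NOW and CONFLICT are hypothetical, and the sample cookies are constructed.

```javascript
// Added example: models the browser behaviour described in the Q&A above.
// buildCookie, effectiveExpiry and NOW are hypothetical names for this sketch.

const NOW = Date.UTC(2009, 0, 1); // constructed reference time, whole seconds

// Derive Max-Age and Expires from one lifetime so both client classes agree.
function buildCookie(name, value, lifetimeSeconds, nowMs) {
  const expires = new Date(nowMs + lifetimeSeconds * 1000).toUTCString();
  return `${name}=${value}; Path=/; Max-Age=${lifetimeSeconds}; Expires=${expires}`;
}

// Returns the expiry time in ms since the epoch, or null for a session cookie.
// supportsMaxAge = false models IE6-8 as described on this page.
function effectiveExpiry(cookie, nowMs, supportsMaxAge) {
  const attrs = {};
  for (const part of cookie.split(';').slice(1)) {
    const eq = part.indexOf('=');
    if (eq === -1) continue; // skip empty or valueless attributes
    attrs[part.slice(0, eq).trim().toLowerCase()] = part.slice(eq + 1).trim();
  }
  const maxAge = attrs['max-age'];
  if (supportsMaxAge && maxAge !== undefined && /^-?\d+$/.test(maxAge)) {
    return nowMs + Number(maxAge) * 1000; // max-age wins, expires is ignored
  }
  const t = Date.parse(attrs.expires); // NaN when expires is absent or invalid
  return Number.isNaN(t) ? null : t;
}

// Constructed sample: the two attributes disagree (5 minutes vs. 1 day).
const CONFLICT = 'sid=abc; Path=/; Max-Age=300; Expires=' +
  new Date(NOW + 86400 * 1000).toUTCString();

console.log(effectiveExpiry(CONFLICT, NOW, true) - NOW);   // lifetime in ms with max-age support
console.log(effectiveExpiry(CONFLICT, NOW, false) - NOW);  // lifetime in ms without it
console.log(effectiveExpiry('sid=abc; Max-Age=300', NOW, false)); // max-age only, no support
```
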