Description of the issue:
Brave Max-Age for cookies is 6 months
Steps to Reproduce (add as many as necessary): 1. 2. 3.
Set a cookie with a 1 year expiry and it will only store for 6 months on Brave
Actual Result (gifs and screenshots are welcome!):
6 months cookie storage
Expected result:
1 year cookie storage
Reproduces how often:
Every time
Operating System and Brave Version(See the About Brave page in the main menu):
Windows 10 Pro
Version 1.47.186 Chromium: 109.0.5414.119 (Official Build) (64-bit)
Additional Information:
The specification is 400 days, this allows for websites that you log into yearly (insurance form updates, for example) to still work. I would expect the browser to meet the specification (though some browsers do allow for longer, I would like to see at least the 400 day spec met
The Expires attribute indicates the maximum lifetime of the cookie, represented as the date and time at which the cookie expires. The user agent is not required to retain the cookie until the specified date has passed. In fact, user agents often evict cookies due to memory pressure or privacy concerns.
The user agent MUST limit the maximum value of the Expires attribute. The limit SHOULD NOT be greater than 400 days (34560000 seconds) in the future. The RECOMMENDED limit is 400 days in the future, but the user agent MAY adjust the limit (see Section 7.2). Expires attributes that are greater than the limit MUST be reduced to the limit.
which mean that user agent (browser in our case) should limit the expiration date to 400 days or less and it’s up to the browser to even reduce that limit so chrome/brave did not ignore the specs
another point this limit is part of chrome the core part of brave so if you like them to extend that limit it would be better to send that suggestion to chrome
What I am telling you is when I set a cookie in Brave that should be 12 months in duration, Brave restricts it to 6 months, and this is why I posted my query
I would like Brave to adjust whatever is necessary to allow a cookie duration of 12 months to be set within the browser, or explain why it cannot be set to such duration
Firefox, Edge and Chrome all set the cookie for 12 months, Brave sets it for 6 months, this tells me it is a decision made within Brave to restrict cookies to 6 months max life
This is expected behavior. We limit cookie lifetime as a privacy-enhancing feature — 7 days for JS cookies, 6 months (180 days) for HTTP cookies. You can see this in our documentation here:
Thank you for your reply @Mattches , I appreciate your time
Is there a way to adjust this as a user setting, while I understand the reasoning, I believe that a 400 day window per the specs (or even a 1 year and 1 day window) would be more useful for many users
I understand if this is not to be considered, as it is your prerogative, but I personally (and some other users per my stackoverflow search) concur with this