Cookie Max-Age too short

Description of the issue:
Brave Max-Age for cookies is 6 months

Steps to Reproduce (add as many as necessary): 1. 2. 3.
Set a cookie with a 1 year expiry and it will only store for 6 months on Brave

Actual Result (gifs and screenshots are welcome!):
6 months cookie storage

Expected result:
1 year cookie storage

Reproduces how often:
Every time

Operating System and Brave Version(See the About Brave page in the main menu):
Windows 10 Pro
Version 1.47.186 Chromium: 109.0.5414.119 (Official Build) (64-bit)

Additional Information:
The specification is 400 days, this allows for websites that you log into yearly (insurance form updates, for example) to still work. I would expect the browser to meet the specification (though some browsers do allow for longer, I would like to see at least the 400 day spec met

Hello @Kender

the specs said

The Expires attribute indicates the maximum lifetime of the cookie, represented as the date and time at which the cookie expires. The user agent is not required to retain the cookie until the specified date has passed. In fact, user agents often evict cookies due to memory pressure or privacy concerns.

The user agent MUST limit the maximum value of the Expires attribute. The limit SHOULD NOT be greater than 400 days (34560000 seconds) in the future. The RECOMMENDED limit is 400 days in the future, but the user agent MAY adjust the limit (see Section 7.2). Expires attributes that are greater than the limit MUST be reduced to the limit.

which mean that user agent (browser in our case) should limit the expiration date to 400 days or less and it’s up to the browser to even reduce that limit so chrome/brave did not ignore the specs

another point this limit is part of chrome the core part of brave so if you like them to extend that limit it would be better to send that suggestion to chrome

hope that help and have a nice day :slight_smile:

That is all fine and dandy.

What I am telling you is when I set a cookie in Brave that should be 12 months in duration, Brave restricts it to 6 months, and this is why I posted my query

I would like Brave to adjust whatever is necessary to allow a cookie duration of 12 months to be set within the browser, or explain why it cannot be set to such duration

Firefox, Edge and Chrome all set the cookie for 12 months, Brave sets it for 6 months, this tells me it is a decision made within Brave to restrict cookies to 6 months max life

this what i found

so just to make sure that you tested in brave and the cookies expire in 6 months am i right?

cause from your comment and also from this link i mentioned it changed in chrome

and let me ask @Mattches from the team about this one

and have a nice day both of you :slight_smile:

Today I “saved a login” on several browsers

On Edge, Firefox and on Chrome the cookie stored has an expiry of 12 months from today (February 2, 2024)

On Brave, I performed the same actions and the cookie generated has an expiry of 6 months (July 31, 2023)

I performed the same actions on all browsers (fill out login form, click “remember me” and submit form)

So again, I assert that Brave browser is not following the 400 day recommendation and instead using 6 months (exactly 180 days not including today)

This is Brave specific and does not seem to affect other Chromium based browsers

1 Like

@Kender thanks for explanation

let us wait till Mattches see that

Assuming @Mattches is a person who you are wanting to see this thread?

he is one of the brave team but i am just a user same as you

1 Like

This is expected behavior. We limit cookie lifetime as a privacy-enhancing feature — 7 days for JS cookies, 6 months (180 days) for HTTP cookies. You can see this in our documentation here:

1 Like

Thank you for your reply @Mattches , I appreciate your time

Is there a way to adjust this as a user setting, while I understand the reasoning, I believe that a 400 day window per the specs (or even a 1 year and 1 day window) would be more useful for many users

I understand if this is not to be considered, as it is your prerogative, but I personally (and some other users per my stackoverflow search) concur with this

There is no option to adjust this at this time. I will confirm with the team.

1 Like

Just keeping this alive, please let me know what the team says and if it would be something they would consider adding into a future build

It does indeed seem to be incorrect behavior. We’ve opened an issue to address this here:


Thank you for getting back to me, I appreciate you looking into this and hope to see a fix coming soon!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.