Sorry if this has been already asked. I searched the archives and didn't find what I was looking for.
Has anyone else run into an issue with persistent cookies in Tomcat 8.5+ and IE not working? We are seeing an issue where the new default cookie processor, org.apache.tomcat.util.http.Rfc6265CookieProcessor, is not writing out the expires tag for the cookies. It is only writing out max-age in the generateHeader() method. This is a change from the previous cookie processing. Here's the current code: https://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java There is documentation at https://tomcat.apache.org/tomcat-8.5-doc/config/cookie-processor.html which explains the new vs legacy cookie handler and that this behavior is intentional. It doesn't explain that this behavior isn't limited to IE6-7. It also affects IE8-11 and Edge and as a result, by default, Tomcat 8.5+ does not create persistent cookies that work with IE on any IE version. Does it make sense that the shipping configuration would not work with IE for persistent cookies? There are other gotchas like blank/null cookie values cause problems with the new default processor and a leading period in the cookie domain causes issues. We have fixed these issues across many applications, but weren't expecting issues with persistent cookies not working at all in IE. The documentation on the Tomcat page alludes to IE6-7 having the issue. It doesn't mention the other versions. We are looking into short term solutions (while avoiding the legacy cookie processor ) - writing our own headers, creating a filter, ... Another interesting observation is that the ExpiresFilter included with Tomcat still writes both the expires and max-age attributes. https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/filters/ExpiresFilter.html Here's a page where you can see the issue of IE not reading the max-age attribute. On Chrome, FF, and Safari, the test will complete after a few runs. On IE, it runs indefinitely. http://mrcoles.com/media/test/cookies-max-age-vs-expires.html If I have missed some configuration, tested incorrectly, etc., please let me know.
