SetMaxAge of cookie

One problem during the internship,
 
Environment: jsp, struts2, and tomcat6
 
Question: How to set the cookie Validity Period
 
 
A vote is being made, but each host is required to vote for each vote only once, and repeated voting should be avoided as much as possible (but this requirement is not particularly strict). Therefore, we should use cookies to implement the voting, minimize the pressure on the server.
 
 
After a host votes for this vote for the first time, it creates a cookie in the code and then adds the cookie. setMaxAge is set to 30 days, and then response to the client. When the client returns a vote for this vote, it will attach the new cookie on it, in this way, I can traverse all the cookies and obtain my cookie, and then verify whether the host has voted.
 
The problem arises. The value of setMaxAge I set is 30 days, but when the cookie returns again, its value is changed to-1. We all know that the default value is-1, in addition, this indicates a session. Like a session, it will be deleted after the session ends.
 
Solution: possible problems (Code, browser? , Browser cookie settings problems? ,)
 
First, I read my own code. No problem.
 
Debug again and find it is-1.
 
It may be the Firefox browser or-1. (The misunderstanding of session between IE and Firefox: I will explain it in detail below .)
 
After the voting is complete, close the current session, restart a session, and still receive the new cookie, maxAge is still-1. (My maxAge value is successfully set, and it also takes effect)
 
View the J2EE document. The above is clearly written. I use setMaxAge for settings. No way. google, there are not many similar problems, but there are some, the results are all gone. There are not many websites outside of google, but there are also some websites. The results are the same and there is no answer.
 
My guess: the browser seems to be indifferent to this maxAge attribute, but it can get the value of maxAge, set the expiration time for the cookie in the browser (this time is the value obtained from maxAge), and then when the next request is sent to the server, it will attach all cookies (you can obtain the path and domain attributes before, and then determine whether to send them ). The so-called session is generally transmitted in the form of cookie ("JSESSIONID", unique identifier) when the Browser allows cookies. Therefore, the browser may regard all cookies as session, by default, the value of maxAge is-1.
 
 
 
 
 
 
People who have had the same experience but who have different opinions from me want to talk about it. (Which of the following is the best person who will develop a browser and read the tomcat source code? Give me some advice. Thank you)
 
 
 
Misunderstanding of session between IE and Firefox:
 
When I first started learning sessions, I found that the most common understanding of a session is not as described in the document: a browser page opens the current page or the pages derived from the current page and Server sessions are within the same session range. Because other browsers such as IE, Firefox, Google, or opera are somewhat different, sometimes a session is initiated from the Firefox page, the current page is closed, and a new page is re-opened for discovery, or the session range of the previous page (but it won't happen if I change to IE ). It is very strange (the reason: those pages opened by Firefox are actually in a process, so of course they belong to a session. However, if the firefox.exe process is killed and re-opened, the above problem will not occur, in addition to IE, it seems that most browsers adopt this method. After all the pages of Firefox are closed, there will be an interface. These pages seem to be sub-pages of the main interface, so sessions are shared, should they all share the main interface ?)
 

This is an excerpt from the love of geming