Merge pull request ESAPI#380 from mickilous/develop

xeno6696 · web-flow · commit 4853956955d9 · 2017-07-16T09:14:15.000-07:00
Support of Cookie without maxAge set
diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -124,7 +124,9 @@ private String createCookieHeader(String name, String value, int maxAge, String
         // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
         // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
         String header = name + "=" + value;
-        header += "; Max-Age=" + maxAge;
+        if (maxAge >= 0) {
+            header += "; Max-Age=" + maxAge;
+        }
         if (domain != null) {
             header += "; Domain=" + domain;
         }
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -340,7 +340,9 @@ private String createCookieHeader(String name, String value, int maxAge, String
         // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
         // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly]
         String header = name + "=" + value;
-        header += "; Max-Age=" + maxAge;
+		if (maxAge >= 0) {
+			header += "; Max-Age=" + maxAge;
+		}
         if (domain != null) {
             header += "; Domain=" + domain;
         }
