Cookie Expire updates being ignored

[garybake]

When we login to an application it sends the response with a cookie that times out after half an hour
Set-Cookie:session-key=xxxx;Path=/;Expires=Mon, 04-May-2015 09:58:27 GMT;Max-Age=604800

During subsequent requests the server updates the cookie to keep moving the expire half an hour forward.
Set-Cookie:session-key=xxxx;Path=/;Expires=Mon, 04-May-2015 10:00:52 GMT;Max-Age=604800
This means that the users session will expire after half an hour of inactivity.

Using siege to test the application I start getting 401 responses after half an hour, when due to requests being sent it should keep the users session active.
(I use the normal login setup in .siegerc)
This looks like siege is creating the cookie ok but ignoring future requests to update the timeout.

[JoeDog]

Gary,

It seems as though your expectation is in line with the standard. The last
cookie in wins. I'll consider this a bug and try to fix it as soon as I can.

Jeff

On Mon, Apr 27, 2015 at 6:05 AM, Gary Bake notifications@github.com wrote:

When we login to an application it sends the response with a cookie that
times out after half an hour
Set-Cookie:session-key=xxxx;Path=/;Expires=Mon, 04-May-2015 09:58:27
GMT;Max-Age=604800

During subsequent requests the server updates the cookie to keep moving
the expire half an hour forward.
Set-Cookie:session-key=xxxx;Path=/;Expires=Mon, 04-May-2015 10:00:52
GMT;Max-Age=604800
This means that the users session will expire after half an hour of
inactivity.

Using siege to test the application I start getting 401 responses after
half an hour, when due to requests being sent it should keep the users
session active.
(I use the normal login setup in .siegerc)
This looks like siege is creating the cookie ok but ignoring future
requests to update the timeout.

—
Reply to this email directly or view it on GitHub
#9.

[garybake]

Thank you for the prompt response.
We have worked around it at the moment by setting a large expire time on the cookie.