rfc6265 - Max-Age Attribute - browser sessions preservation

Hi,

The "new" rfc6265, define max-age attribute as

If a cookie has neither the Max-Age nor the Expires
attribute, the user agent will retain the cookie until "the current session is over" (as defined by the user agent).

Some browsers have the concept of keep the browser session where an user left previous to close the browser (including not deleting session cookies):

Firefox call it:

Restore previous session

Chrome:

Continue where you left off

If a user uses these features, isn't the persistence with "HTTP Cookie Insert" (with session cookie) doomed ?

How to keep an healthy balancing between the nodes if the client always use the same node (because do not delete session cookie)?

Best Regards,

Filipe

Forum Discussion

rfc6265 - Max-Age Attribute - browser sessions preservation

Recent Discussions

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

APM session attribute exists

Add SameSite attribute to APM Cookies

Lightboard Lessons: HTTP Cookie SameSite Attribute

Set the SameSite Attribute for LTM Persistence Cookies

HTTP POST redirect preserving POST data