Cookies are limited to 400 days of validity, now that I know… I summarised it again.
Click here for the official Chrome version.
Since Chrome 104, the lifetime of newly created cookies or cookies with a set expiry date is limited to 400 days thereafter. This limit also applies retrospectively to already stored cookies.
The latest version of Chrome limits them to 400 days, even if they are set to indefinite.
This means that until now, sites that use cookies and require long-term session management may experience problems.
The solution is to update cookies within 400 days or to manage the session lifecycle more proactively.
Use of local storage: for long-term session management, local storage is used to restore data when the user visits again. It will remain unless it is specifically and explicitly deleted. Use session storage when you want to control when tabs are closed or when the browser is closed.
Token-based authentication: use access tokens with short expiry times and renew sessions with refresh tokens; the amount of management required in the DB makes it difficult to switch over in existing systems.
Improved session management: when a cookie expires, a new cookie is issued and renewed on the server side. Cookies can be given to requests, managed on the back-end, set-cookie and returned in response. cookies expire after 400 days, so it is better to provide a separate cookie for renewal expiry.
