Javascript Cookie with no expiration date

Question

I would like to set up a cookie that never expires. Would that even be possible?

 document.cookie = "name=value; expires=date; path=path;domain=domain; secure";

I don't want to make the date really large, I am just wondering if there was a value for the expires parameter on the cookie that told it never to expire.

Thanks.

making the date large makes me feel as if I was cheating. If that's the only way to go, I guess I will have to make the date large. — Jose Vega, Feb 10 '09 at 14:56
Newer versions of Chrome are introducing a limit of 400 days: https://chromestatus.com/feature/4887741241229312 Expiration attributes greater than 400 days in the future will be reduced to the limit. — Zeronull, Jul 25 '22 at 14:11
You can achieve the near equivalent of a forever cookie by sending a cookie with an updated expiration date with every response. This way, as long as a user uses your website once every 400 days, the cookie remains forever (until 2038 at least). And to be honest, is that even a valid use case that users would not visit for over a year? — Christoph, Dec 02 '22 at 12:59

score 210 · Accepted Answer · edited May 18 '23 at 14:02

210

Nope. That can't be done. The best 'way' of doing that is just making the expiration date be like 2100.

Edit

As of August 2022, Chrome cookies can be set to expire after 400 days only.

edited May 18 '23 at 14:02

Ofer Zelig

17,068
9
59
93

answered Feb 10 '09 at 14:51

Paolo Bergantino

480,997
81
517
436

67

Only four more years to go. Hope you updated the cookie. – antony.ouseph.k Mar 30 '16 at 16:11
217

2020 - the year of the cookiepocalypse – JeffreyPia Apr 18 '16 at 17:57
32

Damn, it's getting closer every year, I hope your code has been updated. – kartsims Jan 08 '18 at 14:44
47

It's edited to 2030 now, we're postponing our doom 10 more years – Simeon Nakov Feb 23 '18 at 11:47
20

So, basically, on 19th Jan 2038, Chewie will sit in the Millennium Falcon and complain about the cookie policy popup on the galactic map API yet again... – nickhar Jul 16 '18 at 22:51
3

2097 ... why not? – Mike D3ViD Tyson Aug 24 '18 at 22:29
3

Time is flying. – Mike Ezzati Nov 14 '18 at 20:31
5

My man you better stop procrastinating and actually update that cookie. Count-down less one year to go (if you set the expiration date to 2020 as in the original answer) – Carel Jan 23 '19 at 12:39
2

10 months to go, hope you have updated the cookie. ;) – 0xInfection Feb 27 '19 at 19:02
@MikeD3ViDTyson Some browsers have issues with dates past 2038 – Radvylf Programs Apr 15 '19 at 12:30
6

Oh my god, it is happening! UPDATE YOUR COOKIE!!!!! Cookiepocalypse it's around the corner!!! – Ruffeng Nov 08 '19 at 12:09
4

The cookiepocalypse. Is here. – Quijibo Mar 21 '20 at 13:36
9

You were definitely right about the "pocalypse" part. Not seeing that many cookies though... – Illidanek Apr 07 '20 at 12:45
2

Phew. Safe for now, but I'll be sure to check back in in another 10 years. – Brendan W Jul 07 '20 at 20:33
4

Safe for another 80 years – Parsa Yazdani Aug 02 '20 at 09:18
1

79 and counting – RisingSun Apr 22 '21 at 21:43
2

2100 ... ??? our granchildren will witness the cookiepocalypse – Hannes Schneidermayer Jun 07 '21 at 20:16
1

494 months.. - I can see that happening – Motassem Kassab Jun 09 '21 at 14:22
Let's meet at 2100 – shtse8 Aug 26 '22 at 14:05
I finally understand why 2020 was such a mess. You really should have updated that cookie. – netsplit Mar 13 '23 at 20:09

score 118 · Answer 2 · answered Feb 10 '09 at 14:56

118

There is no syntax for what you want. Not setting expires causes the cookie to expire at the end of the session. The only option is to pick some arbitrarily large value. Be aware that some browsers have problems with dates past 2038 (when unix epoch time exceeds a 32-bit int).

answered Feb 10 '09 at 14:56

Jamie

2,104
1
15
9

34

2038-01-19, 03:14:08 UTC, to be precise. – Wilhelm Klopp Jan 16 '15 at 19:14
Just to clarify: is that a rule, working the same way in every browser? meaning that if I don't set the expiring date, the cookie will last only to the end of session. – Silver Ringvee Apr 18 '16 at 13:42
3

A cookie created without an `Expires` or `Max-Age` directive is a session cookie: it is deleted when the client shuts down. However, web browsers may use **session restoring**, which makes most session cookies permanent, as if the browser was never closed. ([source: MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Session_cookies)) – mfluehr Jul 26 '19 at 13:29

score 89 · Answer 3 · edited Nov 09 '15 at 16:40

89

You can do as the example on Mozilla docs:

 document.cookie = "someCookieName=true; expires=Fri, 31 Dec 9999 23:59:59 GMT";

P.S

Of course, there will be an issue if humanity still uses your code on the first minute of year 10000 :)

edited Nov 09 '15 at 16:40

Prusprus

7,987
9
42
57

answered Nov 20 '14 at 08:21

Nimir

5,727
1
26
34

139

Are you sure its a Friday? – David May 03 '16 at 09:38
9

https://www.google.com/webhp?sourceid=chrome-instant&rlz=1C1KMZB_enUS560US560&ion=1&espv=2&ie=UTF-8#q=what+day+is+december+31st+9999&* – Adam Nelson Mar 22 '17 at 16:55
7

Did not work for me using https://www.npmjs.com/package/universal-cookie. Went with the [year 2038 solution](https://stackoverflow.com/a/34586818/2024590). I wrote a ticket to come back in 2030 to see if there is a fix. – Hinrich Mar 28 '19 at 14:12

score 19 · Answer 4 · answered Jan 04 '16 at 07:55

19

All cookies expire as per the cookie specification, Maximum value you can set is

 2^31 - 1 = 2147483647 = 2038-01-19 04:14:07

So Maximum cookie life time is

$.cookie('subscripted_24', true, { expires: 2147483647 });

answered Jan 04 '16 at 07:55

Yuseferi

7,931
11
67
103

10

That number didn't work for me. After a bit of trial and error, the highest number I was able to use was 99983090 (expires=Fri, 12 Sep 275760 18:10:24 GMT). Anything higher returned "Invalid Date" – JeffreyPia Apr 18 '16 at 18:16
If you pass a number as expires parameter to jquery-cookie or js-cookie, it is taken as days to expire from now. If you want a fixed date you have to pass a Date object instead. – Dario Seidl Oct 16 '17 at 11:58
1

The above code uses the [jquery-cookie](https://github.com/carhartl/jquery-cookie) plugin which has been retired in favor of [js-cookie](https://github.com/js-cookie/js-cookie). – Jens Dec 12 '18 at 21:41
6

for vanilla JS: `document.cookie = 'subscripted_24=true; expires=' + new Date(2147483647 * 1000).toUTCString();` – Oksana Romaniv Oct 03 '19 at 17:31
1

@JeffreyPia You can get a couple extra hours, up until `Sat, 13 Sep 275760 00:00:00 GMT`. Makes all the difference. – Zed Jul 10 '21 at 23:48
1

04:14:07 might be BST? I think in UTC it's `2038-01-19T03:14:07+00:00` ? – Nick Jul 27 '21 at 11:21

score 13 · Answer 5 · answered Aug 14 '13 at 00:57

13

You could possibly set a cookie at an expiration date of a month or something and then reassign the cookie every time the user visits the website again

answered Aug 14 '13 at 00:57

Liam Martens

731
7
22

1

This is the right answer to set endless cookies. And if you need to take into account that the user never closes the site, you can implement an additional condition for updating cookies by any action or after a certain time. – Alex Shink Nov 30 '19 at 05:01

Benjamin Easterling · Answer 6 · 2015-10-14T19:09:21.730

13

If you don't set an expiration date the cookie will expire at the end of the user's session. I recommend using the date right before unix epoch time will extend passed a 32-bit integer. To put that in the cookie you would use document.cookie = "randomCookie=true; expires=Tue, 19 Jan 2038 03:14:07 UTC;, assuming that randomCookie is the cookie you are setting and true is it's respective value.

edited Oct 14 '15 at 19:09

answered Oct 13 '15 at 15:12

Benjamin Easterling

131
1
3

rhavendc · Answer 7 · 2016-05-04T07:01:10.147

3

YOU JUST CAN'T. There's no exact code to use for setting a forever cookie but an old trick will do, like current time + 10 years.

Just a note that any dates beyond January 2038 will doomed you for the cookies (32-bit int) will be deleted instantly. Wish for a miracle that that will be fixed in the near future. For 64-bit int, years around 2110 will be safe. As time goes by, software and hardware will change and may never adapt to older ones (the things we have now) so prepare the now for the future.

See Year 2038 problem

edited May 04 '16 at 07:01

answered May 04 '16 at 06:51

rhavendc

985
8
21

6

I think you don't realize [how far into the future a 64 bit computer can count](https://en.wikipedia.org/wiki/Year_2038_problem#Solutions), namely 292 billion years – Gust van de Wal Mar 23 '17 at 01:01
@GustvandeWal So yeah? I've already read that. I even included that link in my answer. – rhavendc Mar 24 '17 at 08:07
2

From your answer: For *64-bit int*, years around 2110 will be safe. This seems suspiciously much like you expect 64-bit computers to count twice as far as 32-bit computers (1970 -> 2035 -> 2110) – Gust van de Wal Mar 24 '17 at 14:14
@GustvandeWal Sorry if my words sound suspicious. Maybe it's not the best way to say it in english. But hey, I didn't expect or think that kind of idea you've just said. – rhavendc Mar 27 '17 at 07:12
Then how did you come up with the idea that 2110 will be safe? – Gust van de Wal Mar 27 '17 at 22:23
@GustvandeWal That's just my example for current programs that will make it or will still be in use for more than 25 yrs from now. I just want to say is, somehow your code will not face date problems after the 32-bit date limitation unless in that year, better solutions or techs emerge. – rhavendc Mar 28 '17 at 06:33
5

A small note: if we would be using 33-bit processors, then the year 2110 would make sense. – hegez Apr 08 '17 at 17:07

score 2 · Answer 8 · answered Sep 30 '22 at 13:04

As said before, not setting an expiration date will give you the exact opposite, as the browser will get rid of it at the end of your session. So you have to set an expiration date to make sure it lasts.

BUT since 09/2022, Chrome limits your cookie max age to 400 days (https://chromestatus.com/feature/4887741241229312):

When cookies are set with an explicit Expires/Max-Age attribute the value will now be capped to no more than 400 days in the future. Previously, there was no limit and cookies could expire as much as multiple millennia in the future.

Motivation

The draft of rfc6265bis now contains an upper limit for Cookie Expires/Max-Age attributes. As written:
"The user agent MUST limit the maximum value of the [Max-Age/Expiration] attribute. The limit MUST NOT be greater than 400 days (34560000 seconds) in duration. The RECOMMENDED limit is 400 days in duration, but the user agent MAY adjust the limit to be less. [Max-Age/Expiration] attributes that are greater than the limit MUST be reduced to the limit."

400 days was chosen as a round number close to 13 months in duration. 13 months was chosen to ensure that sites one visits roughly once a year (e.g., picking health insurance benefits) will continue to work.

So there you go, 400 days is the max lifespan you can shoot for.

This answer is better since it contains the info regarding Chrome's update. Just a suggestion, but might be more complete and more qualified to replace previous answers if you also included code example. — Michael, Jan 13 '23 at 13:48

score 1 · Answer 9 · answered Dec 18 '15 at 21:45

1

If you intend to read the data only from the client-side, you can use the local storage. It's deleted only when the browser's cache is cleared.

answered Dec 18 '15 at 21:45

jfhfhf839

1,629
1
12
13

Or the browser is closed or the computer is shut down – Radvylf Programs Oct 27 '18 at 16:35
1

@RedwolfPrograms Since when is local storage cleared when browser closes or computer shuts down? – Igor Jerosimić Apr 15 '19 at 09:24
@IgorJerosimić Oops! I guess I thought that because of a bug in a site of mine... – Radvylf Programs Apr 15 '19 at 12:29
Is local storage cleared when the browser cache is cleared? If so, that might explain some issues with major sites. – Jake Feb 20 '23 at 00:47

score 0 · Answer 10 · answered Jan 19 '23 at 01:42

Try Javascript Local Storage

<!DOCTYPE html>
<html>
<body>

<h1>The Window Object</h1>
<h2>The localStorage Property</h2>

<p>Saved name is:</p>
<p id="demo"></p>

<script>
// Set Item
localStorage.setItem("lastname", "Smith");
// Retrieve
document.getElementById("demo").innerHTML = 
localStorage.getItem("lastname");
</script>

</body>
</html>

Note: The localStorage object stores data with no expiration date. The data is not deleted when the browser is closed and are available for future sessions.

If you delete cookie in your web browser manually, all local storage data will delete too.

Unlike Cookie, localStorage cannot be access from PHP Code script. This is not recommended if you need login credential that needs verification from server side.

score 0 · Answer 11 · answered Feb 20 '23 at 00:38

You can and should refresh the cookie expiration date whenever a vistor returns to your site.

Just set the cookie again to the same value as before, but with a new expiration date, further in the future. Do this whenever you initialize values from cookies. That way, regular visitors will not lose their settings.

Javascript Cookie with no expiration date

11 Answers11

Linked