From 8c9d693fd760a423c836640afe66ddbfccccf96d Mon Sep 17 00:00:00 2001
From: Pierre Tachoire <pierre@lightpanda.io>
Date: Thu, 28 May 2026 14:33:30 +0200
Subject: [PATCH] set max-age to 0 when cookie is expired in CookieStore

---
 src/browser/webapi/storage/CookieStore.zig | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/browser/webapi/storage/CookieStore.zig b/src/browser/webapi/storage/CookieStore.zig
index 1919fc16..15ebf98a 100644
--- a/src/browser/webapi/storage/CookieStore.zig
+++ b/src/browser/webapi/storage/CookieStore.zig
@@ -406,10 +406,12 @@ fn storeCookie(exec: *const Execution, init: CookieInit) !void {
     if (init.expires) |ms| {
         // CookieStore expires is a unix timestamp in milliseconds. The Jar
         // already tracks expiry in seconds — convert via Max-Age so we don't
-        // have to format an HTTP-date.
+        // have to format an HTTP-date. Clamp at 0 (anything <= now means the
+        // cookie is being deleted; emit a clean "Max-Age=0").
         const now_ms = std.time.timestamp() * 1000;
-        const delta_seconds = @divTrunc(@as(i64, @intFromFloat(ms)) - now_ms, 1000);
-        try w.print("; Max-Age={d}", .{delta_seconds});
+        const delta_ms = @as(i64, @intFromFloat(ms)) - now_ms;
+        const max_age: i64 = if (delta_ms <= 0) 0 else @divTrunc(delta_ms, 1000);
+        try w.print("; Max-Age={d}", .{max_age});
     }
 
     switch (init.sameSite) {