From 013c0b2900d79bab1ae8db9da8df8c64452c4abf Mon Sep 17 00:00:00 2001
From: genius00hwan <qnfn120@gmail.com>
Date: Fri, 18 Jul 2025 13:39:56 +0900
Subject: [PATCH] docs: clarify ResponseCookie Max-Age behavior according to
 RFC 6265

Signed-off-by: genius00hwan <qnfn120@gmail.com>
---
 .../springframework/http/ResponseCookie.java  | 28 +++++++++++++------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/spring-web/src/main/java/org/springframework/http/ResponseCookie.java b/spring-web/src/main/java/org/springframework/http/ResponseCookie.java
index b5e14851301f..6057b1c847d4 100644
--- a/spring-web/src/main/java/org/springframework/http/ResponseCookie.java
+++ b/spring-web/src/main/java/org/springframework/http/ResponseCookie.java
@@ -79,12 +79,18 @@ private ResponseCookie(String name, @Nullable String value, Duration maxAge, @Nu
 
 
 	/**
-	 * Return the cookie "Max-Age" attribute in seconds.
-	 * <p>A positive value indicates when the cookie expires relative to the
-	 * current time. A value of 0 means the cookie should expire immediately.
-	 * A negative value means no "Max-Age" attribute in which case the cookie
-	 * is removed when the browser is closed.
+	 * Return the cookie "Max-Age" attribute.
+	 * <p>
+	 * <ul>
+	 *   <li>Positive value: the cookie expires after the specified duration (persistent cookie).</li>
+	 *   <li>Zero: the cookie expires immediately (deleted).</li>
+	 *   <li>Negative value: no "Max-Age" attribute is sent, and the cookie becomes a <b>session cookie</b>
+	 *       (removed when the browser is closed).</li>
+	 * </ul>
+	 *
+	 * <p>See <a href="https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.2">RFC 6265, Section 5.2.2</a>.
 	 */
+
 	public Duration getMaxAge() {
 		return this.maxAge;
 	}
@@ -268,11 +274,15 @@ public interface ResponseCookieBuilder {
 
 		/**
 		 * Set the cookie "Max-Age" attribute.
+		 * <p>
+		 * <ul>
+		 *   <li>Positive value: the cookie expires after the specified duration (persistent cookie).</li>
+		 *   <li>Zero: the cookie expires immediately (deleted).</li>
+		 *   <li>Negative value: no "Max-Age" attribute is sent, and the cookie becomes a <b>session cookie</b>
+		 *       (removed when the browser is closed).</li>
+		 * </ul>
 		 *
-		 * <p>A positive value indicates when the cookie should expire relative
-		 * to the current time. A value of 0 means the cookie should expire
-		 * immediately. A negative value results in no "Max-Age" attribute in
-		 * which case the cookie is removed when the browser is closed.
+		 * <p>See <a href="https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.2">RFC 6265, Section 5.2.2</a>.
 		 */
 		ResponseCookieBuilder maxAge(Duration maxAge);