Description

The following code should set a session cookie per the documentation but it does not.

    func (sm *SessionManager) ClearClientSession(c *gin.Context) {
        domain := os.Getenv("COOKIE_DOMAIN")
        maxAge := -1
        c.SetCookie(SESSION_COOKIE_NAME, "", maxAge, "/", domain, false, true)
    }

How to reproduce

Execute the above code in a response to a post. Observe the response header you get back; in particular, observe the maxAge portion, as in this example from real code executing the above in an app:

            "name": "set-cookie",
            "value": "my_cookie=BS6ZGFn8kAAfbFADGgbkxBscKYXi1l_uBbIGXlKxCUuJ5juOkZ8c9My6Vv2EFtOvbuCht5fwNtctSYLHyON4C0kRSAfIguxNXe9lNN__mKQW4lpaWxmTyhqzCf-9dwrwV3go1d4XoUdc_6K1mb1WgWQJcsEC4xIMbJiTJtnl8W1e2_SItDaAXZ8ts3f1Aw8vMf2ISTcVXf6b8D4IjTeena9t8vH5q9l7TotP6kALvKaLY-RPZTlwUShkjbVGKYxselx0SSKQh2FKjaRaJOXY4k9Rt8INYpJheRpe6qHg6GYpso7TG9pxkTR45mkUcJ94wbelXeRhSP-rFbmTxp-QtAH34RPCcqToWn1bqE7PSMHJtfUSkVSifD6DO6hO4YI-b_rUfHk4Ds70RfdqK3ONgjlKkG12BNVjaLZmjgrsJUFaEkb7F-xq7YtbeWvBli09w1GDqlVU3UmoeHyedHsYDnDOvcViCY3KazT_RvYG5PI5mFPQatfig7APyokanNP39w9ZyJBn1A4JS0RDsPIX7_ZuB80zu29_bLAOZTouqWmDVO9aq41MYpZgz17pubdot1ETYDf3nWKCbdYZBe8MWHzu3z1Y_p2IDP97bcaXq66KP55tzCxJY-HTIK95eI17KkYT1-2OC6W0uEeFQ87ztzCzzNB6gs14FCrLUTP3p0n6aApL8N5zBkaeHO_Ln4yx20p5qjnfDOl89E2uavQO1fSmiVnAv7Nl8JAjZtIYRAT3LvQ%3D; Path=/; Domain=localhost; Max-Age=0; HttpOnly"

Expectations

The expectation is that the response header set-cookie should not provide a Max-Age=0; it should be omitted entirely, as per the documentation, which states that a negative value creates a session cookie. But Max-Age=0 is an instantaneously deleted cookie, NOT a SESSION cookie; it doesn't even last until the subsequent form submission.

Actual result

We get a zero lifespan cookie NOT a session cookie.

Environment

  • go version: 1.20
  • gin version (or commit ref): v1.9.1
  • operating system: windows

Comment From: RightFootConsulting

The docs are not clear and there is lots of misinformation online, but reading the code comments clarifies the behavior as expected.
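
The three `MaxAge` cases behind this issue, shown with `net/http` alone as an added example (not code from the issue or from gin): gin's `SetCookie` passes `maxAge` through to `http.Cookie.MaxAge`, where a negative value emits `Max-Age=0` (delete now), zero omits the attribute (session cookie), and a positive value sets a lifetime. The cookie name and domain are constructed values, and `setCookieHeader` and `classify` are illustrative helpers.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
	"time"
)

// setCookieHeader returns the Set-Cookie header net/http emits for the given
// MaxAge. The cookie name and domain are constructed sample values.
func setCookieHeader(maxAge int) string {
	rec := httptest.NewRecorder()
	http.SetCookie(rec, &http.Cookie{
		Name: "my_cookie", Value: "", Path: "/", Domain: "example.com",
		MaxAge: maxAge, HttpOnly: true,
	})
	return rec.Header().Get("Set-Cookie")
}

// classify reports how a browser treats the header: "session" (no lifetime
// attribute), "delete" (already expired) or "persistent". A valid Max-Age
// takes precedence over Expires, as in RFC 6265.
func classify(header string) string {
	result := "session"
	for _, attr := range strings.Split(header, ";")[1:] {
		k, v, _ := strings.Cut(strings.TrimSpace(attr), "=")
		switch strings.ToLower(k) {
		case "max-age":
			n, err := strconv.Atoi(v)
			if err != nil {
				continue // an unparsable Max-Age is ignored
			}
			if n <= 0 {
				return "delete"
			}
			return "persistent"
		case "expires":
			result = "persistent"
			if t, err := http.ParseTime(v); err == nil && !t.After(time.Now()) {
				result = "delete"
			}
		}
	}
	return result
}

func main() {
	for _, maxAge := range []int{-1, 0, 3600} {
		h := setCookieHeader(maxAge)
		fmt.Printf("MaxAge=%-5d %-10s %s\n", maxAge, classify(h), h)
	}
}
```

For a logout handler like `ClearClientSession`, the negative value is the one that removes the cookie from the browser; a session cookie is produced by passing `0`.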