Cookie Expiry Date Not Set Correctly in Javascript

Question

I have this Javascript for snowflakes on my website where I am storing a cookie to remember the user's toggle setting for snow on or off.

What I'm trying to do, is set the cookie to expire on 6th January every year (after 12th night) and the snow is only active between 1st December and 5th January each year anyway.

So, I am trying to set the cookie expires date to be 6th Jan next year or this year (will work for every year going forwards without edit I hope), based on whether the user clicks on the page in December this year or before 5th January next year.

I have added alerts to the page to display the value of expiryDate after clicking the toggle button and as far as I can see, the UTC date result is fine, but when I look at the expiry date in my browser console, it is always 1 week from when I clicked the button, so the expiryDate is being set to + 1 week, but is not being set to 6th Jan next year, even though the value of expiryDate looks good on alert.

In order to decide if the year of expiry is this year or next year, I am checking the month value - if it is not zero (ie January), then the year of expiry is next year, otherwise it is this year.

function toggleSnow() {

  const dateNow = new Date();
  let year = dateNow.getYear();
  let month = dateNow.getMonth();
  var expiryYear;
  if (month == 0) {
    expiryYear = year + 1900;
  } else {
    expiryYear = year + 1901;
  }

  const dayOnExpiry = new Date("Jan 06, " + expiryYear + " 12:00:00");
  var expiryDate = dayOnExpiry.toUTCString();

  var toggleOnOff = document.getElementById("snowContainer");
  var newState = toggleOnOff.nextElementSibling;

  if (toggleOnOff.classList.toggle("active")) {
    document.cookie = "Snow=No; Expires=" + expiryDate + "; Path=/; Domain=xxx; Secure; SameSite=Strict; Priority=High";
  } else {
    document.cookie = "Snow=Yes; Expires=" + expiryDate + "; Path=/; Domain=xxx; Secure; SameSite=Strict; Priority=High";
  }
}

Why does is the expiry date of the cookie always + 1 week and not 6th january, or am I doing nothing wrong and it's a browser thing?

Answer 1

This is due to Safari's Intelligent Tracking Prevention. It limits certain cookies to 7 day expiration. From What Restricts Does ITP Place on Cookies and Other Web Browser Storage? :

• First-party cookies created by JavaScript's document.cookie will expire in 7 days. If the cookies are accessed within those 7 days, then their expiration date will be extended by 7 days.
• First-party cookies created by JavaScript's document.cookie AND are created by a tracking domain AND use link decoration will expire in 24 hours. If the cookies are accessed within 24 hours, then their expiration date will be extended by another 24 hours.

So even though the expiration is set to 1 week, if the user continues to access the site that uses the cookie, it will be extended automatically.