scottlamb / moonfire-nvr

Moonfire NVR, a security camera network video recorder

Rationale for Max-Age for Cookie Set to 2147483648 #263

Open jlpoolen opened 1 year ago

jlpoolen commented 1 year ago

I've been studying the API for moonfire-nvr and doing some tests. I found that when I successfully log in, I get a cookie back that has a Max-Age value of 2147483648. Here's an example of a call and its return:

command:

curl --silent --include --request POST --json '{"username": "jlpoole", "password":"XXXXXXXX"}' --cookie-jar /home/jlpoole/work/moonfire/curl_cookies.txt localhost:8080/api/login

result:

HTTP/1.1 204 No Content
set-cookie: s=cPGg3yLa2vqNgJ6uNbqkQflhU9pYohcl5ygM7Gc7SnAkbKoL8GakQPRf5pMGRPcB; HttpOnly; SameSite=Lax; Max-Age=2147483648; Path=/
cache-control: private, no-cache
date: Sun, 12 Mar 2023 16:17:20 GMT

A search for Max-Age reveals about 24 entries, five of which look to be of Scott's making, the others brought in by supporting modules and presumably by other authors.

 jlpoole@eos ~/moonfire-nvr $ find . -type f |xargs grep -noP 'Max-Age'

Searching for the value, I found it appears about 160 times in the tree:

 lpoole@eos ~/moonfire-nvr $ find . -type f |xargs grep -noP '2147483648'

The specifications at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie state:

 Max-Age=<number> Optional

Indicates the number of seconds until the cookie expires. 
A zero or negative number will expire the cookie immediately. 
If both Expires and Max-Age are set, Max-Age has precedence.

The value of 2147483648, if it does represent seconds, equates to:

 Minutes: 35791394.1333333
 Hours: 596523.235555556
 Days: 24855.1348148148

So what is the reason for using "2147483648" as a value, assuming 2147483648 represents seconds, and not milliseconds or the like? To have a permanent cookie? If so, then if I obtain a cookie today, I can use the same cookie tomorrow after a server reboot, and perhaps there is no need to fetch cookies once you have a cookie for a particular user?
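An added example, not code from the issue or from Moonfire NVR, that parses the Set-Cookie line quoted above and computes its lifetime under the MDN rules quoted (Max-Age in seconds, zero or negative expires at once, Max-Age takes precedence over Expires), then checks it against a site lifetime policy; the `audit_cookie` helper and the `max_days` policy value are assumptions for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed from the Set-Cookie and date headers quoted in the issue above.
SET_COOKIE = ("s=cPGg3yLa2vqNgJ6uNbqkQflhU9pYohcl5ygM7Gc7SnAkbKoL8GakQPRf5pMGRPcB; "
              "HttpOnly; SameSite=Lax; Max-Age=2147483648; Path=/")
ISSUE_DATE = datetime(2023, 3, 12, 16, 17, 20, tzinfo=timezone.utc)


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attribute_lowercase: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def expiry_time(attrs, now):
    """Return when the cookie expires, or None for a session cookie.

    Max-Age counts seconds from receipt; zero or negative expires the cookie
    immediately; Max-Age wins over Expires. A non-numeric Max-Age is ignored,
    as RFC 6265 section 5.2.2 requires, so Expires is consulted instead.
    """
    max_age = attrs.get("max-age")
    if max_age is not None and re.fullmatch(r"-?\d+", max_age):
        delta = int(max_age)
        return now if delta <= 0 else now + timedelta(seconds=delta)
    if "expires" in attrs:
        return parsedate_to_datetime(attrs["expires"])
    return None


def audit_cookie(header, now, max_days):
    """Report the cookie's lifetime in days and whether it exceeds max_days (assumed policy)."""
    name, _, attrs = parse_set_cookie(header)
    expires = expiry_time(attrs, now)
    days = None if expires is None else (expires - now).total_seconds() / 86400
    return {
        "name": name,
        "lifetime_days": days,
        "exceeds_policy": days is not None and days > max_days,
        "httponly": "httponly" in attrs,
        "secure": "secure" in attrs,
    }
```

Run against the quoted cookie, `audit_cookie(SET_COOKIE, ISSUE_DATE, max_days=30)` reports a lifetime of about 24855 days, matching the conversion table above.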