From f64accae5817139901351b8f6dfcbf91c8c5b5db Mon Sep 17 00:00:00 2001
From: Mohammad Faiz <mohdfaiz2k9@gmail.com>
Date: Fri, 29 May 2026 02:54:51 +0530
Subject: [PATCH] fix: handle non-finite numeric maxAge in res.cookie()

Infinity, -Infinity, and NaN maxAge values now gracefully produce a session cookie instead of throwing an unhandled TypeError from cookie.serialize(). Non-numeric invalid maxAge values (e.g. 'foobar') still throw as before.
---
 lib/response.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/response.js b/lib/response.js
index f965e539dd2..b5e9a2a47a1 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -759,7 +759,10 @@ res.cookie = function (name, value, options) {
   if (opts.maxAge != null) {
     var maxAge = opts.maxAge - 0
 
-    if (!isNaN(maxAge)) {
+    if (typeof opts.maxAge === 'number' && !isFinite(maxAge)) {
+      // strip non-finite numeric maxAge (Infinity, -Infinity, NaN)
+      delete opts.maxAge
+    } else if (!isNaN(maxAge)) {
       opts.expires = new Date(Date.now() + maxAge)
       opts.maxAge = Math.floor(maxAge / 1000)
     }