Hi,

A cookie is fed from a web site via the Set-Cookie header like
this:

Set-Cookie: NAME=VALUE; Max-Age=-86400; Expires=Sun, 12 Nov 2017 06:26:31 GMT; Path=/; HTTPOnly

In this case, NAME and VALUE appearing in the beginning is the
cookie, and the others are its attributions.  However, url-cookie
recognizes Max-Age, HTTPOnly, etc. as individual cookies, and
sends them to the web site when a user posts forms in the page.
This will cause "500 Internal Server Error" in some web site[1].

In additin, although Max-Age should be preferred to Expires[2],
url-cookie doesn't process it.

A patch is below.

[1] Try visiting <https://help.openstreetmap.org> and
<https://help.openstreetmap.org/questions/5356/who-edited-my-map-corrections-and-made-it-all-wrong-again/5357>
in turn using eww.

To try the patched url-cookie.el, you have to delete those bogus
cookies in advance.  An easy way to do that is to shutdown Emacs
and to delete the "~/.emacs.d/url/cookies" file.

[2] <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie>


* lisp/url/url-cookie.el (url-cookie-handle-set-cookie):
Regard a Set-Cookie header as it contains a single cookie;
prefer Max-Age to Expires and convert it to Expires;
remove support for old time string styles.