HFSJ (pg 249) says that setMaxAge(-1) means that the cookie will disappear from the client, as soon as the browser quits. what can be the argument to setMaxAge(?), so that the cookie lives permanently on the client machine, so that it can be reused later with another request from the client.
Also on the client side(browser), the cookie is essentially a name value pair. But On the server there is a full fledged cookie object for each cookie created. is the cookie object garbage collected after the session object(which caused the cookie object to be created in case of a jsessionid cookie) is garbage collected.
As far as I know, the cookie state management mechanism does not support permanent cookie. Cookie can either be (1) invalidated immediately (2) expires after a period of time (3) deleted when browser exit. I guess the best we can do is to return a very long expiry date to mimic 'permanent'.