by WA 4740 days ago
Technically, the server cannot check cookie expiration dates, because they are never transmitted to the server. Only the cookie content is transmitted.

What I mean is: On the server, you receive an auth token that comes from the cookie. Do the logic whether or not that auth token is valid and may be used to re-authenticate the user on the server only and handle the entire logic for expiration on the server.

Do not rely on the fact that the cookie itself is present, because the user might have fiddled with the expiration date.
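
An added example, not part of the comment above, of the server-side expiry check it describes: the server keeps its own expiry for each issued token and ignores whatever lifetime the browser claims for the cookie. The class name, the TTL value and the in-memory dict standing in for a database table are assumptions made for illustration.

```python
import hashlib
import secrets
import time

REMEMBER_ME_TTL = 14 * 24 * 3600  # assumed token lifetime, in seconds


class RememberMeStore:
    """Server-side record of issued tokens; the expiry lives here, not in the cookie."""

    def __init__(self, ttl=REMEMBER_ME_TTL):
        self.ttl = ttl
        self._records = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._records[self._digest(token)] = (user_id, now + self.ttl)
        return token  # value the server places in the cookie

    def validate(self, token, now=None):
        """Return the user_id for a known, unexpired token, else None."""
        now = time.time() if now is None else now
        key = self._digest(token or "")
        record = self._records.get(key)
        if record is None:
            return None
        user_id, expires_at = record
        if now >= expires_at:
            del self._records[key]  # expired: drop it so it cannot be replayed
            return None
        return user_id


def demo():
    # Constructed timeline: token issued at t=1000 with a 60 second lifetime.
    store = RememberMeStore(ttl=60)
    token = store.issue("alice", now=1000.0)
    fresh = store.validate(token, now=1030.0)
    # The client edited the cookie's expiration date and still sends it later.
    stale = store.validate(token, now=1061.0)
    return fresh, stale
```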