diff --git a/lib/response.js b/lib/response.js
index 7a2f0ecce56..7a7634774a2 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -727,7 +727,7 @@ res.clearCookie = function clearCookie(name, options) {
 *
 * Options:
 *
- * - `maxAge` max-age in milliseconds, converted to `expires`
+ * - `maxAge` max-age in milliseconds (number), converted to `expires`
 * - `signed` sign the cookie
 * - `path` defaults to "/"
 *
@@ -763,12 +763,17 @@ res.cookie = function (name, value, options) {
 val = 's:' + sign(val, secret);
 }
 
- if (opts.maxAge != null) {
- var maxAge = opts.maxAge - 0
+ if (opts.maxAge === null) {
+ // Treat null as "unset" (session cookie)
+ opts.maxAge = undefined;
+ }
+
+ if (typeof opts.maxAge !== 'undefined') {
+ var maxAge = Number(opts.maxAge);
 
- if (!isNaN(maxAge)) {
- opts.expires = new Date(Date.now() + maxAge)
- opts.maxAge = Math.floor(maxAge / 1000)
+ if (Number.isFinite(maxAge)) {
+ opts.expires = new Date(Date.now() + maxAge);
+ opts.maxAge = Math.floor(maxAge / 1000);
 }
 }
 
@@ -777,10 +782,11 @@ res.cookie = function (name, value, options) {
 }
 
 this.append('Set-Cookie', cookie.serialize(name, String(val), opts));
-
 return this;
 };
 
+
+
 /**
 * Set the location header to `url`.
 *
diff --git a/package.json b/package.json
index db7661de46d..ce3365b4dc1 100644
--- a/package.json
+++ b/package.json
@@ -36,7 +36,7 @@
 "body-parser": "^2.2.0",
 "content-disposition": "^1.0.0",
 "content-type": "^1.0.5",
- "cookie": "^0.7.1",
+ "cookie": "^1.0.2",
 "cookie-signature": "^1.2.1",
 "debug": "^4.4.0",
 "depd": "^2.0.0",
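Review bot: In the second hunk of lib/response.js (res.cookie), a `maxAge` that fails `Number.isFinite` skips the block and reaches `cookie.serialize` unchanged, so what happens to `NaN`, `Infinity` or a non-numeric string is left entirely to the serializer's validation. `Number()` also still coerces `''`, `[]` and `false` to 0 and `true` to 1, which produces an immediately expiring cookie even though the doc comment now says the option is a number. Because cookie lifetime bounds how long a session token stays valid, I would reject bad input here, e.g. `if (typeof opts.maxAge !== 'number' || !Number.isFinite(opts.maxAge)) { throw new TypeError('option maxAge is invalid'); }`, or at least add an `else` that deletes the option. A finite but very large value can also push `Date.now() + maxAge` outside the Date range and yield an invalid `expires`. The same commit moves `cookie` to a new major version (^1.0.2), so tests pinning these cases would be worth adding; the start of res.cookie lies outside the hunk.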