Closed
Description
Expected Behavior
Current Behavior
Context
I want to set the same-site attribute for the remember-me cookie. The servlet `Cookie` class exposes the `setAttribute` method to modify the cookie attribute. We can add `setCookieAttribute` to `AbstractRememberMeServices` or offer a post-processor style API that allows clients to modify the cookie:
```java
protected void setCookie(String[] tokens, int maxAge, HttpServletRequest request, HttpServletResponse response) {
    String cookieValue = encodeCookie(tokens);
    Cookie cookie = new Cookie(this.cookieName, cookieValue);
    cookie.setMaxAge(maxAge);
    cookie.setPath(getCookiePath(request));
    if (this.cookieDomain != null) {
        cookie.setDomain(this.cookieDomain);
    }
    if (maxAge < 1) {
        cookie.setVersion(1);
    }
    cookie.setSecure((this.useSecureCookie != null) ? this.useSecureCookie : request.isSecure());
    cookie.setHttpOnly(true);
    this.cookiePostProcessor.accept(cookie); // NEW
    response.addCookie(cookie);
}
```
And the same thing for the configurer.
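
A sketch of a post-processor that could be plugged into the hook proposed above, added here as an example; it is not part of the issue or of Spring Security. It assumes the hook is a `Consumer<Cookie>` and that the Jakarta Servlet 6.0+ API (which provides `Cookie.setAttribute`) is on the classpath; the class name `SameSiteCookiePostProcessor` and the fallback to `Lax` are hypothetical choices.

```java
import jakarta.servlet.http.Cookie;
import java.util.Set;
import java.util.function.Consumer;

// Hypothetical post-processor for the proposed cookiePostProcessor hook.
public final class SameSiteCookiePostProcessor implements Consumer<Cookie> {

    private static final Set<String> ALLOWED = Set.of("Strict", "Lax", "None");

    private final String sameSite;

    public SameSiteCookiePostProcessor(String sameSite) {
        // Reject typos early; an unrecognised SameSite value is not a valid policy.
        if (!ALLOWED.contains(sameSite)) {
            throw new IllegalArgumentException("Unsupported SameSite value: " + sameSite);
        }
        this.sameSite = sameSite;
    }

    // Value that will actually be written for this cookie.
    public String resolve(Cookie cookie) {
        // Browsers reject SameSite=None cookies that lack the Secure flag.
        // Assumed policy for this example: fall back to Lax so the cookie
        // written by setCookie(...) is not silently dropped on plain HTTP.
        if ("None".equals(this.sameSite) && !cookie.getSecure()) {
            return "Lax";
        }
        return this.sameSite;
    }

    @Override
    public void accept(Cookie cookie) {
        cookie.setAttribute("SameSite", resolve(cookie));
    }

    public static void main(String[] args) {
        // Constructed cookie standing in for the one built in setCookie(...).
        Cookie cookie = new Cookie("remember-me", "constructed-sample-value");
        cookie.setSecure(false);
        cookie.setHttpOnly(true);
        new SameSiteCookiePostProcessor("None").accept(cookie);
        System.out.println("SameSite=" + cookie.getAttribute("SameSite"));
    }
}
```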