Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CookieServerCsrfTokenRepository doesn't support setting MaxAge #11432

Closed
bojackhorseman0309 opened this issue Jun 23, 2022 · 0 comments · Fixed by #11433
Closed

CookieServerCsrfTokenRepository doesn't support setting MaxAge #11432

bojackhorseman0309 opened this issue Jun 23, 2022 · 0 comments · Fixed by #11433
Assignees
@jzheaux @bojackhorseman0309
Labels
in: web An issue in web modules (web, webmvc) status: backported An issue that has been backported to maintenance branches type: enhancement A general enhancement
Milestone
6.0.0-M6

Comments

@bojackhorseman0309
Copy link
Contributor

bojackhorseman0309 commented Jun 23, 2022
edited
Loading

Expected Behavior

"CookieCsrfTokenRepository" does allow you to set the cookies "maxAge" value, therefore it seems like it's Reactive counterpart "CookieServerCsrfTokenRepository" should also support it by allowing you to set the max age or using the default of "-1".

Current Behavior

It is either being set "-1" by default if the token is not empty or 0 if it is empty.
.maxAge(!tokenValue.isEmpty() ? -1 : 0)

Therefore you cannot set it yourself.

Context

I had this in mind since I was curious about what would I need to be able to set my SESSION and X-CSRF cookies to not expire when the browser is closed to allow users of my SPA to not have to login every time the browser closes. But I don't know if the functionality is not being yet implemented for the X-CSRF cookie because of an specific reason.

More context about my problem

Suggested solution

PR: #11433
@bojackhorseman0309 bojackhorseman0309 added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Jun 23, 2022
@bojackhorseman0309 bojackhorseman0309 mentioned this issue Jun 23, 2022
Merged
@jzheaux jzheaux added in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 23, 2022
@jzheaux jzheaux added this to the 6.0.0-M6 milestone Jun 23, 2022
bojackhorseman0309 added a commit to bojackhorseman0309/spring-security that referenced this issue Jun 24, 2022
@bojackhorseman0309
Adds the ability to set the CSRF Token cookie max age value
32b84fd 
Closes spring-projectsgh-11432
jzheaux pushed a commit that referenced this issue Jun 24, 2022
@bojackhorseman0309 @jzheaux
Adds the ability to set the CSRF Token cookie max age value
1ac1271 
Closes gh-11432
@github-actions github-actions bot added the status: backported An issue that has been backported to maintenance branches label Jun 24, 2022
@github-actions github-actions bot mentioned this issue Jun 24, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

@bojackhorseman0309 bojackhorseman0309

Labels
in: web An issue in web modules (web, webmvc) status: backported An issue that has been backported to maintenance branches type: enhancement A general enhancement
Projects
None yet
Milestone
6.0.0-M6
Development

Successfully merging a pull request may close this issue.

Ability to set cookie maxAge in CookieServerCsrfTokenRepository bojackhorseman0309/spring-security
2 participants
@jzheaux @bojackhorseman0309