Maximum Age for the cookie created by CookieCsrfTokenRepository #9195

@sedran

Expected Behavior

Maximum age of cookies created by CookieCsrfTokenRepository should be configurable.

Current Behavior

Currently, CookieCsrfTokenRepository generates cookies with a maximum age value of -1.

Context

Currently, CookieCsrfTokenRepository generates cookies with a maximum age value of -1.
This means the cookie will expire as soon as the browser is closed.
Under some circumstances, a cookie with a specific maximum age may be desired.

I've been faced with a security tester who did not approve my project's production deployment
until I set a maximum age value on the CSRF token cookie. Now I have to extend CookieCsrfTokenRepository
and override its behavior in every project that my team has developed.

I've implemented this feature and I want to send a pull request.

Labels: in: web (An issue in web modules (web, webmvc)); type: enhancement (A general enhancement)
