Skip to content

Set secure when cancelling remember-me cookie #7726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Dec 20, 2019
Merged

Set secure when cancelling remember-me cookie #7726

merged 2 commits into from
Dec 20, 2019

Conversation

okohub
Copy link
Contributor

@okohub okohub commented Dec 12, 2019

AbstractRememberMeServices is setting remember-me cookie with checking request is secure or secure usage is independently set to a fixed flag.
But when cancelling a cookie, cookie is not being marked secure or not. It produces an inconsistency when using secure flag as a part to identity of cookie. This commit intended to fix this situation.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 12, 2019
@okohub
Fix remember-me cookie set/cancel inconsistency:
bee4265 
AbstractRememberMeServices is setting remember-me cookie with checking request is secure or secure usage is independently set to a fixed flag.
But when cancelling a cookie, cookie is not being marked secure or not. It produces an inconsistency when using secure flag as a part to identity of cookie. This commit intended to fix this situation.
@okohub okohub force-pushed the fix-remember-me-cookie-inconsistency branch from c5582cd to bee4265 Compare December 12, 2019 11:56
@okohub okohub changed the title Fix remember-me set/cancel inconsistency: Fix remember-me cookie set/cancel inconsistency: Dec 12, 2019
@eleftherias eleftherias self-assigned this Dec 18, 2019
eleftherias
eleftherias suggested changes Dec 18, 2019
View reviewed changes
Copy link
Contributor

@eleftherias eleftherias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @okohub!
Please add a test for the new functionality and then I'll merge the change.

@eleftherias eleftherias added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 18, 2019
@okohub
Copy link
Contributor Author

okohub commented Dec 19, 2019

@eleftherias added tests, thank you :)

@eleftherias eleftherias merged commit 2015f39 into spring-projects:master Dec 20, 2019
@eleftherias
Copy link
Contributor

Thanks for the PR @okohub! This is now merged into master.

@eleftherias eleftherias added this to the 5.3.0.M1 milestone Dec 20, 2019
@okohub okohub deleted the fix-remember-me-cookie-inconsistency branch December 20, 2019 22:29
@eleftherias eleftherias changed the title Fix remember-me cookie set/cancel inconsistency: Set secure when cancelling remember-me cookie Jan 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@eleftherias eleftherias eleftherias requested changes

Reviewers whose approvals may not affect merge requirements
Assignees

@eleftherias eleftherias

Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
None yet
Milestone
5.3.0.M1
Development

Successfully merging this pull request may close these issues.
3 participants
@okohub @eleftherias @spring-projects-issues