Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adds session-cookie boolean configuration #1906

Open
wants to merge 8 commits into
base: 4.12.x
Choose a base branch
from
Open

adds session-cookie boolean configuration #1906

wants to merge 8 commits into from

Conversation

sdelamo
Copy link
Contributor

@sdelamo sdelamo commented Jan 7, 2025
edited
Loading

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

Session cookies — cookies without a Max-Age or Expires attribute – are deleted when the current session ends. The browser defines when the "current session" ends, and some browsers use session restoring when restarting. This can cause session cookies to last indefinitely

Currently, we set an expiration date for the cookie if no expiration date was defined in the configuration. We set the cookie containing the JWT as the value, with an expiration date matching the JWT exp claim.

Thus, users can't leave the expiration date empty and, therefore, configure a token cookie as a session cookie. Some users asked for this.

This PR adds a configuration option to define whether a cookie is a session cookie. When set to true, then no Expires attribute is set for the cookie, making it a session cookie.

Close: #339

@sdelamo
adds session-cookie boolean configuration
9d3e61b 
By default, there was already an expiration date. This PR adds a configuration option to define. whether the cookie is a [session cookie](https://en.wikipedia.org/wiki/HTTP_cookie#Expires_and_Max-Age). A session cookie does not have an expiration date.

When set to true, then no Expires atttribute is set for the cookie, making it an session cookie.

Close: #339
@sdelamo sdelamo added the type: improvement A minor improvement to an existing feature label Jan 7, 2025
sdelamo and others added 5 commits January 8, 2025 07:06
@sdelamo
Update security-jwt/src/test/java/io/micronaut/security/token/jwt/coo…
7d9c393 
…kie/JwtCookieSessionCookieTest.java
@renovate @sdelamo
chore(deps): update plugin io.micronaut.build.shared.settings to v7.3…
0dde481 
….1 (#1905)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate @sdelamo
chore(deps): update softprops/action-gh-release action to v2.2.1 (#1907)
bc1e109 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@sdelamo
extract access and refresh token Cookie methods (#1908)
19937af 
This pull request extracts two methods to ease TokenCookieLoginHandler bean replacement.

see: #339
@sdelamo
change javadoc
b9a2436
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Jan 8, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
68.8% Coverage on New Code (required ≥ 70%)

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@n0tl3ss n0tl3ss n0tl3ss approved these changes

@yawkat yawkat yawkat approved these changes

@graemerocher graemerocher Awaiting requested review from graemerocher

Assignees
No one assigned
Labels
type: improvement A minor improvement to an existing feature
Projects
4.8.0 Release
Status: Ready for Review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

micronaut cookie max-age session value
3 participants
@sdelamo @yawkat @n0tl3ss