From 84db5bb312d6afb2db38ab89278c350f48a0017d Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Tue, 6 May 2025 16:43:04 -0600
Subject: [PATCH] Add Cookie Customizer Migration Steps

---
 docs/modules/ROOT/pages/migration-7/web.adoc | 46 ++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/docs/modules/ROOT/pages/migration-7/web.adoc b/docs/modules/ROOT/pages/migration-7/web.adoc
index 467f2663e8..248b719c0e 100644
--- a/docs/modules/ROOT/pages/migration-7/web.adoc
+++ b/docs/modules/ROOT/pages/migration-7/web.adoc
@@ -521,3 +521,49 @@ Xml::
 =====
 If you have several circumstances where HTTP is needed, consider using `OrRequestMatcher` to combine them into a single `RequestMatcher` instance.
 =====
+
+== Use `setCookieCustomizer` instead of individual setters
+
+In favor of a simpler API, `CookieCsrfTokenRepository#setCookieCustomizer` allows you to change any aspect of the cookie, replacing `setCookieHttpOnly`, `setCookieMaxAge`, `setSecure`, and `setCookieDomain`.
+
+Change this:
+
+[tabs]
+======
+Java::
++
+[source,java,role="primary"]
+----
+CookeCsrfTokenRepository csrf = CookeCsrfTokenRepository.withHttpOnlyFalse();
+csrf.setCookieMaxAge(86400)
+----
+
+Kotlin::
++
+[source,kotlin,role="secondary"]
+----
+val csrf = CookeCsrfTokenRepository.withHttpOnlyFalse()
+csrf.setCookieMaxAge(86400)
+----
+======
+
+to this:
+
+[tabs]
+======
+Java::
++
+[source,java,role="primary"]
+----
+CookeCsrfTokenRepository csrf = CookeCsrfTokenRepository.withHttpOnlyFalse();
+csrf.setCookieCustomizer((c) -> c.maxAge(86400));
+----
+
+Kotlin::
++
+[source,kotlin,role="secondary"]
+----
+val csrf = CookeCsrfTokenRepository.withHttpOnlyFalse()
+csrf.setCookieCustomizer { -> it.maxAge(86400) }
+----
+======