Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-10 04:13:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Set cookie domain for cancel remember-me

Browse Source 
Fixes gh-3871
This commit is contained in:
Adrien SAUVEZ 2016-05-13 13:31:18 -05:00 committed by Rob Winch
parent ede521dc8d
commit c261975be0
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
View File

@ -364,7 +364,9 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
Cookie cookie = new Cookie(cookieName, null); Cookie cookie = new Cookie(cookieName, null);
cookie.setMaxAge(0); cookie.setMaxAge(0);
cookie.setPath(getCookiePath(request)); cookie.setPath(getCookiePath(request));
if (cookieDomain != null) {
cookie.setDomain(cookieDomain);
}
response.addCookie(cookie); response.addCookie(cookie);
} }

6
web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
View File

@ -253,6 +253,8 @@ public class AbstractRememberMeServicesTests {
@Test @Test
public void logoutShouldCancelCookie() throws Exception { public void logoutShouldCancelCookie() throws Exception {
MockRememberMeServices services = new MockRememberMeServices(uds); MockRememberMeServices services = new MockRememberMeServices(uds);
services.setCookieDomain("spring.io");
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setContextPath("contextpath"); request.setContextPath("contextpath");
request.setCookies(createLoginCookie("cookie:1:2")); request.setCookies(createLoginCookie("cookie:1:2"));
@ -265,6 +267,10 @@ public class AbstractRememberMeServicesTests {
services.logout(request, response, null); services.logout(request, response, null);
assertCookieCancelled(response); assertCookieCancelled(response);
Cookie returnedCookie = response.getCookie(
AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
assertThat(returnedCookie.getDomain()).isEqualTo("spring.io");
} }
@Test(expected = CookieTheftException.class) @Test(expected = CookieTheftException.class)