Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Adding expiry of 30 days to session cookies (#6224)

Browse Source 
Fixes #5872

Adding an expiry of 30 days to the cookie to ensure that browsers don't delete the cookie when the browser session is closed.
This commit is contained in:
Arpit Mohan 2021-07-29 18:13:22 +05:30 committed by GitHub
parent 8789c4f897
commit 8dd41ab947
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java
View File

@ -30,7 +30,10 @@ import org.springframework.web.reactive.function.server.RouterFunction;
import org.springframework.web.reactive.function.server.RouterFunctions; import org.springframework.web.reactive.function.server.RouterFunctions;
import org.springframework.web.reactive.function.server.ServerResponse; import org.springframework.web.reactive.function.server.ServerResponse;
import org.springframework.web.server.adapter.ForwardedHeaderTransformer; import org.springframework.web.server.adapter.ForwardedHeaderTransformer;
import org.springframework.web.server.session.CookieWebSessionIdResolver;
import org.springframework.web.server.session.WebSessionIdResolver;
import java.time.Duration;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashSet; import java.util.HashSet;
@ -38,6 +41,7 @@ import static com.appsmith.server.constants.Url.ACTION_URL;
import static com.appsmith.server.constants.Url.APPLICATION_URL; import static com.appsmith.server.constants.Url.APPLICATION_URL;
import static com.appsmith.server.constants.Url.PAGE_URL; import static com.appsmith.server.constants.Url.PAGE_URL;
import static com.appsmith.server.constants.Url.USER_URL; import static com.appsmith.server.constants.Url.USER_URL;
import static java.time.temporal.ChronoUnit.DAYS;
@EnableWebFluxSecurity @EnableWebFluxSecurity
@EnableReactiveMethodSecurity @EnableReactiveMethodSecurity
@ -167,6 +171,21 @@ public class SecurityConfig {
.and().build(); .and().build();
} }
/**
* This bean configures the parameters that need to be set when a Cookie is created for a logged in user
* @return
*/
@Bean
public WebSessionIdResolver webSessionIdResolver() {
CookieWebSessionIdResolver resolver = new CookieWebSessionIdResolver();
// Setting the max age to 30 days so that the cookie doesn't expire on browser close
// If the max age is not set, some browsers will default to deleting the cookies on session close.
resolver.setCookieMaxAge(Duration.of(30, DAYS));
resolver.addCookieInitializer((builder) -> builder.path("/"));
resolver.addCookieInitializer((builder) -> builder.sameSite("Lax"));
return resolver;
}
private User createAnonymousUser() { private User createAnonymousUser() {
User user = new User(); User user = new User();
user.setName(FieldName.ANONYMOUS_USER); user.setName(FieldName.ANONYMOUS_USER);