Correctly set maxAge and expires in ResponseCookie

Issue: SPR-16940
This commit is contained in:
Rossen Stoyanchev
2018-06-14 13:07:17 -04:00
parent 09d9450154
commit ebdcc015a4
5 changed files with 88 additions and 10 deletions

View File

@@ -1218,9 +1218,14 @@ public class HttpHeaders implements MultiValueMap<String, String>, Serializable
* @see #setZonedDateTime(String, ZonedDateTime)
*/
public void setDate(String headerName, long date) {
set(headerName, formatDate(date));
}
// Package private: also used in ResponseCookie..
static String formatDate(long date) {
Instant instant = Instant.ofEpochMilli(date);
ZonedDateTime zonedDateTime = ZonedDateTime.ofInstant(instant, GMT);
set(headerName, DATE_FORMATTERS[0].format(zonedDateTime));
ZonedDateTime time = ZonedDateTime.ofInstant(instant, GMT);
return DATE_FORMATTERS[0].format(time);
}
/**

View File

@@ -154,12 +154,10 @@ public final class ResponseCookie extends HttpCookie {
sb.append("; Domain=").append(this.domain);
}
if (!this.maxAge.isNegative()) {
sb.append("; Max-Age=").append(this.maxAge);
sb.append("; Max-Age=").append(this.maxAge.getSeconds());
sb.append("; Expires=");
HttpHeaders headers = new HttpHeaders();
long seconds = this.maxAge.getSeconds();
headers.setExpires(seconds > 0 ? System.currentTimeMillis() + seconds : 0);
sb.append(headers.getFirst(HttpHeaders.EXPIRES));
long millis = this.maxAge.getSeconds() > 0 ? System.currentTimeMillis() + this.maxAge.toMillis() : 0;
sb.append(HttpHeaders.formatDate(millis));
}
if (this.secure) {
sb.append("; Secure");
@@ -267,7 +265,7 @@ public final class ResponseCookie extends HttpCookie {
ResponseCookieBuilder maxAge(Duration maxAge);
/**
* Set the cookie "Max-Age" attribute in seconds.
* Variant of {@link #maxAge(Duration)} accepting a value in seconds.
*/
ResponseCookieBuilder maxAge(long maxAgeSeconds);
@@ -294,6 +292,9 @@ public final class ResponseCookie extends HttpCookie {
/**
* Add the "SameSite" attribute to the cookie.
* <p>This limits the scope of the cookie such that it will only be
* attached to same site requests if {@code "Strict"} or cross-site
* requests if {@code "Lax"}.
* @see <a href="https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis#section-4.1.2.7">RFC6265 bis</a>
*/
ResponseCookieBuilder sameSite(String sameSite);

View File

@@ -92,7 +92,7 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
* Return the configured "SameSite" attribute value for the session cookie.
*/
public String getSameSite() {
return sameSite;
return this.sameSite;
}
@Override