Correctly set maxAge and expires in ResponseCookie
Issue: SPR-16940
This commit is contained in:
@@ -1218,9 +1218,14 @@ public class HttpHeaders implements MultiValueMap<String, String>, Serializable
|
||||
* @see #setZonedDateTime(String, ZonedDateTime)
|
||||
*/
|
||||
public void setDate(String headerName, long date) {
|
||||
set(headerName, formatDate(date));
|
||||
}
|
||||
|
||||
// Package private: also used in ResponseCookie..
|
||||
static String formatDate(long date) {
|
||||
Instant instant = Instant.ofEpochMilli(date);
|
||||
ZonedDateTime zonedDateTime = ZonedDateTime.ofInstant(instant, GMT);
|
||||
set(headerName, DATE_FORMATTERS[0].format(zonedDateTime));
|
||||
ZonedDateTime time = ZonedDateTime.ofInstant(instant, GMT);
|
||||
return DATE_FORMATTERS[0].format(time);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -154,12 +154,10 @@ public final class ResponseCookie extends HttpCookie {
|
||||
sb.append("; Domain=").append(this.domain);
|
||||
}
|
||||
if (!this.maxAge.isNegative()) {
|
||||
sb.append("; Max-Age=").append(this.maxAge);
|
||||
sb.append("; Max-Age=").append(this.maxAge.getSeconds());
|
||||
sb.append("; Expires=");
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
long seconds = this.maxAge.getSeconds();
|
||||
headers.setExpires(seconds > 0 ? System.currentTimeMillis() + seconds : 0);
|
||||
sb.append(headers.getFirst(HttpHeaders.EXPIRES));
|
||||
long millis = this.maxAge.getSeconds() > 0 ? System.currentTimeMillis() + this.maxAge.toMillis() : 0;
|
||||
sb.append(HttpHeaders.formatDate(millis));
|
||||
}
|
||||
if (this.secure) {
|
||||
sb.append("; Secure");
|
||||
@@ -267,7 +265,7 @@ public final class ResponseCookie extends HttpCookie {
|
||||
ResponseCookieBuilder maxAge(Duration maxAge);
|
||||
|
||||
/**
|
||||
* Set the cookie "Max-Age" attribute in seconds.
|
||||
* Variant of {@link #maxAge(Duration)} accepting a value in seconds.
|
||||
*/
|
||||
ResponseCookieBuilder maxAge(long maxAgeSeconds);
|
||||
|
||||
@@ -294,6 +292,9 @@ public final class ResponseCookie extends HttpCookie {
|
||||
|
||||
/**
|
||||
* Add the "SameSite" attribute to the cookie.
|
||||
* <p>This limits the scope of the cookie such that it will only be
|
||||
* attached to same site requests if {@code "Strict"} or cross-site
|
||||
* requests if {@code "Lax"}.
|
||||
* @see <a href="https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis#section-4.1.2.7">RFC6265 bis</a>
|
||||
*/
|
||||
ResponseCookieBuilder sameSite(String sameSite);
|
||||
|
||||
@@ -92,7 +92,7 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
|
||||
* Return the configured "SameSite" attribute value for the session cookie.
|
||||
*/
|
||||
public String getSameSite() {
|
||||
return sameSite;
|
||||
return this.sameSite;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
Reference in New Issue
Block a user