VDS-1067: Disable HttpOnly attribute on auth cookie and increase cook…

…ie life time (#61) * VDS-1067: Disable HttpOnly attribute on auth cookie * Fix code smell * Increase cookie life to thirty days * Fix settings
VirtoCommerce · Mar 18, 2021 · a3a50eb · a3a50eb
1 parent 389a26c
commit a3a50eb
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/VirtoCommerce.Storefront/Startup.cs b/VirtoCommerce.Storefront/Startup.cs
@@ -63,7 +63,6 @@
 using VirtoCommerce.Storefront.Model.Tax.Services;
 using VirtoCommerce.Storefront.Routing;
 using VirtoCommerce.Tools;
-using SameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode;
 
 namespace VirtoCommerce.Storefront
 {
@@ -264,6 +263,7 @@ public void ConfigureServices(IServiceCollection services)
             services.ConfigureApplicationCookie(options =>
             {
                 Configuration.GetSection("CookieAuthenticationOptions").Bind(options);
+                options.Cookie.HttpOnly = false;
                 options.EventsType = typeof(CustomCookieAuthenticationEvents);
             });
 

diff --git a/VirtoCommerce.Storefront/appsettings.json b/VirtoCommerce.Storefront/appsettings.json
@@ -63,7 +63,7 @@
     "Cookie": {
       "HttpOnly": true
     },
-    "ExpireTimeSpan": "00:30:00",
+    "ExpireTimeSpan": "30.00:00:00",
     "LoginPath": "/Account/Login",
     "LogoutPath": "/Account/Logout",
     "AccessDeniedPath": "/error/AccessDenied",