Fixed the persistent cookie code

The cookie expiration date should be set only if the cookie is persistent, not the other way around. The previous code did exactly the opposite.
appharbor · Apr 9, 2013 · 93ca90d · 93ca90d
1 parent 2da2c51
commit 93ca90d
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/AppHarbor.Web.Security/CookieAuthenticationModule.cs b/AppHarbor.Web.Security/CookieAuthenticationModule.cs
@@ -69,7 +69,7 @@ private void RenewCookieIfExpiring(HttpContext context, CookieProtector protecto
 				HttpOnly = true,
 				Secure = _configuration.RequireSSL,
 			};
-			if (!authenticationCookie.Persistent)
+			if (authenticationCookie.Persistent)
 			{
 				newCookie.Expires = authenticationCookie.IssueDate + _configuration.Timeout;
 			}

diff --git a/AppHarbor.Web.Security/CookieAuthenticator.cs b/AppHarbor.Web.Security/CookieAuthenticator.cs
@@ -29,7 +29,7 @@ public void SetCookie(string username, bool persistent = false, string[] roles =
 					HttpOnly = true,
 					Secure = _configuration.RequireSSL,
 				};
-				if (!persistent)
+				if (persistent)
 				{
 					httpCookie.Expires = cookie.IssueDate + _configuration.Timeout;
 				}