-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define default value for Cookie Max-Age #10775
Conversation
The Cookie interface is updated with a constant value to represent an undefined Max-Age, and its JavaDocs are updated to explicitly state that the undefined value should not be encoded. The CookieHttpCookieAdapter implementation is updated to explicitly set the required undefined max age value in its constructor. The new constant is consistent with the behavior of the Netty Cookie implementation, and is meant to enforce consistency between it and the HttpCookie based implementation, if only by explicitly stating the intended contract. The CookieFactory service definition is removed from the http module as HttpCookieFactory already gets loaded by default (if no other service definitions are loaded) via CookieFactory.INSTANCE. This allows other explicit services definitions such as that in http-netty to reliably override the default implementation. Tests are added to verify the undefined max age value in both implementations, and to ensure that NettyServerCookieEncoder can correctly encode a Cookie created by the default HttpCookieFactory.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added the same test for the DefaultServerCookieEncoder.
A difference in encoding is the Netty encoder uses HTTPOnly while the other uses HttpOnly. The latter seems more correct but I guess both work.
@jeremyg484 I also changed the adapter to set max only if it is -1.
|
The Cookie interface is updated with a constant value to represent an undefined Max-Age, and its JavaDocs are updated to explicitly state that the undefined value should not be encoded. The CookieHttpCookieAdapter implementation is updated to explicitly set the required undefined max age value in its constructor. The new constant is consistent with the behavior of the Netty Cookie implementation, and is meant to enforce consistency between it and the HttpCookie based implementation, if only by explicitly stating the intended contract. The CookieFactory service definition is removed from the http module as HttpCookieFactory already gets loaded by default (if no other service definitions are loaded) via CookieFactory.INSTANCE. This allows other explicit services definitions such as that in http-netty to reliably override the default implementation. Tests are added to verify the undefined max age value in both implementations, and to ensure that NettyServerCookieEncoder can correctly encode a Cookie created by the default HttpCookieFactory. * test: DefaultServerCookieEncoder encoding test * Only set if -1
Close: #10773
Close: micronaut-projects/micronaut-security#1682
The
Cookie
interface is updated with a constant value to represent anundefined Max-Age, and its JavaDocs are updated to explicitly state
that the undefined value should not be encoded.
The
CookieHttpCookieAdapter
implementation is updated to explicitly setthe required undefined max age value in its constructor.
The new constant is consistent with the behavior of the Netty
Cookie
implementation, and is meant to enforce consistency between it and the
HttpCookie
based implementation, if only by explicitly stating theintended contract.
The
CookieFactory
service definition is removed from thehttp
moduleas
HttpCookieFactory
already gets loaded by default (if no otherservice definitions are loaded) via
CookieFactory.INSTANCE
. Thisallows other explicit service definitions such as that in
http-netty
to reliably override the default implementation.
Tests are added to verify the undefined max age value in both
implementations, and to ensure that
NettyServerCookieEncoder
cancorrectly encode a
Cookie
created by the defaultHttpCookieFactory
.This should resolved issues occurring in Micronaut Security with session
based authentication such as micronaut-projects/micronaut-security#1682