-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Session based authentication doesn't work with Micronaut framework version 4.3.8 or later #1682
Comments
This looks to be cause by some changes we made in Micronaut Core to how cookies are encoded. The non-Netty implementation of We will need to correct the service loading so that the correct implementations of the cookie interfaces are loaded. In the meantime, this can be worked around by explictly setting the |
@jeremyg484 I think it is a bug in Micronaut Session not to se the cookie's max-age correctly. don't you think? |
I'm not certain that Micronaut Session is where it needs to be fixed. I think the most sensible default is to not set Max-Age at all in the Set-Cookie header. If neither Max-Age nor Expires are set on the cookie, then it becomes a "session cookie", ie a cookie that persists until the given browser session is ended. (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie).
The problem though is that the default value of max age of the We could change the default value in I think perhaps we should rather update the contract of the |
Expected Behavior
Since update of Micronaut framework version from 4.3.7 to 4.3.8 the session based authorization doesn't work anymore. I can reproduce it with your example application (https://guides.micronaut.io/latest/micronaut-security-session-maven-java.html).
Actual Behaviour
After login with the correct credentials the user is not authorized.
Steps To Reproduce
Environment Information
Operation System: Windows
Java version: JDK 17
Example Application
https://guides.micronaut.io/latest/micronaut-security-session-maven-java.zip
Version
4.3.8 or later
The text was updated successfully, but these errors were encountered: