Skip to content
Browse files

[#1743] rememberme cookie has a wrong expiration

the result of "Time.parseDuration(duration)" was treated as an Integer, and this can exceed the limit of Integer.MAX_VALUE very easily, we can cast to Long to prevent this issue.
  • Loading branch information...
1 parent 34c2709 commit a374fbbf23dc72ae17905eb1485a7084756fd816 @salvan13 salvan13 committed with Notalifeform Nov 5, 2013
Showing with 1 addition and 1 deletion.
  1. +1 −1 modules/secure/app/controllers/Secure.java
View
2 modules/secure/app/controllers/Secure.java
@@ -87,7 +87,7 @@ public static void authenticate(@Required String username, String password, bool
if(remember) {
Date expiration = new Date();
String duration = Play.configuration.getProperty("secure.rememberme.duration","30d");
- expiration.setTime(expiration.getTime() + Time.parseDuration(duration) * 1000 );
+ expiration.setTime(expiration.getTime() + ((long)Time.parseDuration(duration)) * 1000L );
response.setCookie("rememberme", Crypto.sign(username + "-" + expiration.getTime()) + "-" + username + "-" + expiration.getTime(), duration);
}

0 comments on commit a374fbb

Please sign in to comment.
Something went wrong with that request. Please try again.