Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

[#1615] secure module: rememberme cookie appends incorrect expiration…

… date
  • Loading branch information...
commit f40912d12eb1b9a4cd8f899c68ac8c8c76208ec2 1 parent 534900a
@Notalifeform Notalifeform authored
12 documentation/manual/secure.textile
@@ -129,6 +129,18 @@ bc. #{secure.check "administrator"}
The tag only renders its body for authorised users, so the ‘Delete’ link is only displayed when the user is authorised to execute the @delete@ controller action.
+h2. <a name="configuration">Configuration</a>
+You can override default settings by adding them to your applications application.conf.
+h3. <a name="rememberme">secure.rememberme.duration</a>
+The expiration duration of the secure rememberme cookie.
+Default: 30d
+bc. secure.rememberme.duration=30d
h2. <a name="commands">Commands</a>
The Secure module provides a @play secure:override@ that you can use to override the log in page, so you can customize it for your application. This works by copying the corresponding file from the module to a file in your application that will be used instead.
4 modules/secure/app/controllers/
@@ -86,8 +86,8 @@ public static void authenticate(@Required String username, String password, bool
// Remember if needed
if(remember) {
Date expiration = new Date();
- String duration = "30d"; // maybe make this override-able
- expiration.setTime(expiration.getTime() + Time.parseDuration(duration));
+ String duration = Play.configuration.getProperty("secure.rememberme.duration","30d");
+ expiration.setTime(expiration.getTime() + Time.parseDuration(duration) * 1000 );
response.setCookie("rememberme", Crypto.sign(username + "-" + expiration.getTime()) + "-" + username + "-" + expiration.getTime(), duration);
Please sign in to comment.
Something went wrong with that request. Please try again.