[#1615] secure module: rememberme cookie appends incorrect expiration…

… date
playframework · Feb 9, 2013 · f40912d · f40912d
1 parent 534900a
commit f40912d
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/documentation/manual/secure.textile b/documentation/manual/secure.textile
@@ -129,6 +129,18 @@ bc. #{secure.check "administrator"}
 
 The tag only renders its body for authorised users, so the ‘Delete’ link is only displayed when the user is authorised to execute the @delete@ controller action.
 
+h2. <a name="configuration">Configuration</a>
+
+You can override default settings by adding them to your applications application.conf.
+
+h3. <a name="rememberme">secure.rememberme.duration</a>
+
+The expiration duration of the secure rememberme cookie.
+
+Default: 30d
+
+bc.  secure.rememberme.duration=30d 
+
 h2. <a name="commands">Commands</a>
 
 The Secure module provides a @play secure:override@ that you can use to override the log in page, so you can customize it for your application. This works by copying the corresponding file from the module to a file in your application that will be used instead.

diff --git a/modules/secure/app/controllers/Secure.java b/modules/secure/app/controllers/Secure.java
@@ -86,8 +86,8 @@ public static void authenticate(@Required String username, String password, bool
         // Remember if needed
         if(remember) {
             Date expiration = new Date();
-            String duration = "30d";  // maybe make this override-able 
-            expiration.setTime(expiration.getTime() + Time.parseDuration(duration));
+            String duration = Play.configuration.getProperty("secure.rememberme.duration","30d"); 
+            expiration.setTime(expiration.getTime() + Time.parseDuration(duration) * 1000 );
             response.setCookie("rememberme", Crypto.sign(username + "-" + expiration.getTime()) + "-" + username + "-" + expiration.getTime(), duration);
 
         }