Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CookieGenerator.removeCookie doesnt support secure field [SPR-12865] #17463

Closed
spring-issuemaster opened this issue Mar 30, 2015 · 4 comments

Comments

Projects
None yet
2 participants
@spring-issuemaster
Copy link
Collaborator

commented Mar 30, 2015

Sriram opened SPR-12865 and commented

While trying to use the removeCookie API we noticed that it does not support the isSecureCookie. Is there a specific reason to not allow this feature?

Thanks!


Reference URL: http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/util/CookieGenerator.html

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

commented Mar 30, 2015

Juergen Hoeller commented

That removeCookie method essentially just creates a dummy cookie for the given name, timing out immediately, since that's the only way to remove a cookie using the Servlet API...

What specifically would you expect to be supported there? Are you indicating that this doesn't work for secure cookies? Would we have to call setSecure even for such a dummy cookie?

Juergen

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

commented Mar 30, 2015

Sriram commented

We noticed that secure cookies weren't necessarily getting removed/deleted.
Our application required us to remove/delete these secure cookies.
Using the addCookie method and setting the max age to 0 worked for secure cookies as long as we set isSecure.

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

commented Mar 31, 2015

Juergen Hoeller commented

Alright, as of 4.2, we're explicitly setting the 'secure' and 'httpOnly' flags in removeCookie as well. We'll see whether this causes any side effects during our release candidate phase.

Juergen

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

commented Apr 8, 2015

Sriram commented

Thank you Juergen for your timely response on this. once we get to testing with this new change I will update you of our results.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.