Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.0, 2.0.1, 2.0.2, 2.0.3
    • Fix Version/s: 3.0.0 M1
    • Component/s: Core
    • Labels:
      None

      Description

      When configuring remember-me services and token-validity-seconds is -1 would be nice to have it act like how the browser handles cookies of that age (for the life of the browser). This can be done by putting a expiry time for a few weeks or so on when the cookie is generated, and leaving the maxAge to -1.

        Activity

        Hide
        Luke Taylor added a comment -

        I've added support for this to TokenBasedRememberMeServices. It allows the use of a negative value as the tokenValiditySeconds property. If the value is negative, the token expiryTime (as used in the signature) will remain at the default of 14 days, but the cookie maxAge will be set to the negative value, preventing it from being persisted on the client when the browser closes.

        PersistentTokenBasedRememberMeServices will reject a negative value on initialization.

        Show
        Luke Taylor added a comment - I've added support for this to TokenBasedRememberMeServices. It allows the use of a negative value as the tokenValiditySeconds property. If the value is negative, the token expiryTime (as used in the signature) will remain at the default of 14 days, but the cookie maxAge will be set to the negative value, preventing it from being persisted on the client when the browser closes. PersistentTokenBasedRememberMeServices will reject a negative value on initialization.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Matthew Reynard
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: