root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Clarified cookieMaxAge default 

Issue: SPR-15155
This commit is contained in:
Juergen Hoeller 2017-01-17 15:33:30 +01:00
parent 2047f8d5ae
commit 874b653314
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
spring-web/src/main/java/org/springframework/web/util/CookieGenerator.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 the original author or authors.
* Copyright 2002-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -55,7 +55,7 @@ public class CookieGenerator {
private String cookiePath = DEFAULT_COOKIE_PATH;
private Integer cookieMaxAge = null;
private Integer cookieMaxAge;
private boolean cookieSecure = false;
@ -111,7 +111,9 @@ public class CookieGenerator {
/**
* Use the given maximum age (in seconds) for cookies created by this generator.
* Useful special value: -1 ... not persistent, deleted when client shuts down
* Useful special value: -1 ... not persistent, deleted when client shuts down.
* <p>Default is no specific maximum age at all, using the Servlet container's
* default.
* @see javax.servlet.http.Cookie#setMaxAge
*/
public void setCookieMaxAge(Integer cookieMaxAge) {
@ -128,7 +130,8 @@ public class CookieGenerator {
/**
* Set whether the cookie should only be sent using a secure protocol,
* such as HTTPS (SSL). This is an indication to the receiving browser,
* not processed by the HTTP server itself. Default is "false".
* not processed by the HTTP server itself.
* <p>Default is "false".
* @see javax.servlet.http.Cookie#setSecure
*/
public void setCookieSecure(boolean cookieSecure) {
@ -145,6 +148,7 @@ public class CookieGenerator {
/**
* Set whether the cookie is supposed to be marked with the "HttpOnly" attribute.
* <p>Default is "false".
* @see javax.servlet.http.Cookie#setHttpOnly
*/
public void setCookieHttpOnly(boolean cookieHttpOnly) {

2
src/asciidoc/web-mvc.adoc
View File

@ -3518,7 +3518,7 @@ maximum age. Find below an example of defining a `CookieLocaleResolver`.
| The name of the cookie
| cookieMaxAge
| Integer.MAX_INT
| Servlet container default
| The maximum time a cookie will stay persistent on the client. If -1 is specified, the
cookie will not be persisted; it will only be available until the client shuts down
their browser.