CookieGenerator explicitly sets 'secure' and 'httpOnly' flags in removeCookie as well

Issue: SPR-12865
Juergen Hoeller 2015-03-31 09:59:55 +02:00
parent c382b6f059
commit d05fc2ed9c
1 changed files with 7 additions and 1 deletions

@ -1,5 +1,5 @@
/*
* Copyright 2002-2014 the original author or authors.
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -203,6 +203,12 @@ public class CookieGenerator {
Assert.notNull(response, "HttpServletResponse must not be null");
Cookie cookie = createCookie("");
cookie.setMaxAge(0);
if (isCookieSecure()) {
cookie.setSecure(true);
}
if (isCookieHttpOnly()) {
cookie.setHttpOnly(true);
}
response.addCookie(cookie);
if (logger.isDebugEnabled()) {
logger.debug("Removed cookie with name [" + getCookieName() + "]");
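Review bot: The secure/httpOnly handling added before `response.addCookie(cookie)` is a separate copy of the flag logic rather than a shared one, so the removal path can drift from the creation path again the next time a cookie attribute is introduced. If `addCookie` carries the same two `if` blocks (it is not visible in this hunk), consider applying them once where both paths build the cookie, e.g. `cookie.setSecure(isCookieSecure()); cookie.setHttpOnly(isCookieHttpOnly());` in `createCookie`, provided no subclass overrides that method in a way that would skip them. The diffstat shows a single changed file, so nothing pins the new behaviour. A test asserting that the cookie emitted by `removeCookie` reports `getSecure()` and `isHttpOnly()` as true with `getMaxAge() == 0` would guard the fix. The enclosing method starts and ends outside the hunk.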