I’m using Spring Security and I’ve noticed that, when a user logs in, the authentication cookie will be valid for about a day. It doesn’t seem to ‘refresh’ this expiration date – the cookie expires after a day, even if 5 minutes before the end of that day I’ve made a request to the server on a secured URL.
How can I set up sliding expiration for authentication cookies?
It's quite easy to add a custom filter that will inspect the cookie and re-set it to a later expiration if needed (to see the proper way of doing those, you can take a look at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter and org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices#setCookie), though I’d consider not extending the cookie expiration by the same amount as a successful login (but just beyond the session expiration); in addition, I’d guess there is no need to touch the cookie on each request, but only if there is a certain minimal amount of time left to the cookie expiration.
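A sketch of the filter the answer describes, added here as an example; it is not code from the answer or from Spring Security. Assumptions: the cookie comes from TokenBasedRememberMeServices (Base64 of `username:expiryMillis:...` with the expiry covered by the signature), that services bean has `setAlwaysRemember(true)`, and the servlet API is `jakarta.*`; `SlidingRememberMeFilter` and its fields are hypothetical names.

```java
// Added example: SlidingRememberMeFilter is a hypothetical class, not part of Spring Security.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Base64;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

public class SlidingRememberMeFilter extends OncePerRequestFilter {
    private final RememberMeServices services; // assumed: alwaysRemember enabled
    private final String cookieName;           // assumed to match the services' cookie name
    private final Duration renewWhenLessThan;  // minimal time left before re-issuing
    public SlidingRememberMeFilter(RememberMeServices services, String cookieName, Duration renewWhenLessThan) {
        this.services = services;
        this.cookieName = cookieName;
        this.renewWhenLessThan = renewWhenLessThan;
    }
    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        Cookie cookie = WebUtils.getCookie(req, cookieName);
        // Renew only when earlier filters already authenticated the request; the expiry
        // read from the cookie is a hint for "renew now?" and never authenticates anyone.
        if (auth != null && auth.isAuthenticated() && !(auth instanceof AnonymousAuthenticationToken)
                && cookie != null && expiresSoon(cookie.getValue(), System.currentTimeMillis())) {
            services.loginSuccess(req, res, auth); // re-issues a freshly signed cookie
        }
        chain.doFilter(req, res);
    }
    // Assumed cookie layout: Base64("username:expiryMillis:...signature"), padding optional.
    boolean expiresSoon(String cookieValue, long nowMillis) {
        try {
            String[] parts = new String(Base64.getDecoder().decode(cookieValue), StandardCharsets.UTF_8).split(":");
            long remaining = Long.parseLong(parts[1]) - nowMillis;
            return remaining > 0 && remaining < renewWhenLessThan.toMillis();
        } catch (RuntimeException e) {
            return false; // malformed or unexpected format: leave the cookie alone
        }
    }
}
```

Register it after RememberMeAuthenticationFilter so the security context is already populated when it runs. `loginSuccess` re-issues the cookie with the services' configured validity, so extending by less than a full login period means passing a services instance that shares the same key but has a shorter token validity.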