spring-session icon indicating copy to clipboard operation
spring-session copied to clipboard

Published 20 hours ago verified publisher icon spring-projects

Omitting Path of a cookie

Open stojsavljevic opened this issue 7 years ago • 3 comments

Hi,

is it possible to completely omit Path attribute of a cookie?

From what I can see in DefaultCookieSerializer it doesn't seem possible.

I believe this can be useful in cases when an application is accessed from different paths. And when Path is omitted browser will default to current resource path.

stojsavljevic avatar Jun 26 '17 14:06 stojsavljevic

You could try implementing CookieSerializer yourself or extending DefaultCookieSerializer and overriding. Then in your config, just hook up your serializer:

@Bean 
public HttpSessionStrategy httpSessionStrategy() { 
	CookieHttpSessionStrategy strategy = new CookieHttpSessionStrategy();
	MyCustomCookieSerializer cookieSerializer = new MyCustomCookieSerializer();
	cookieSerializer.setCookieMaxAge(browserCookieTimeoutInSecs);
	cookieSerializer.setCookieName(DEFAULT_COOKIE_NAME);
	strategy.setCookieSerializer(cookieSerializer);
	return strategy; 
}

Sorry, code formatting seems to suck on here.

fcjreed avatar Aug 24 '17 17:08 fcjreed

@stojsavljevic Can you provide more details about the use case that was the motivation for this? Thanks.

vpavic avatar Feb 28 '18 11:02 vpavic

@vpavic

Let's say we have an application that is exposed on 2 different context paths trough some proxy, load balancer or something similar. And we want to have cookies bound to the context path. Obviously, we can't configure SS in front so we would need some dynamic way to determine context path on the fly and set cookie path accordingly. Another option would be to omit the path and let browser to fall back to the default - current context path.

This is what I can think of :)

stojsavljevic avatar Mar 01 '18 09:03 stojsavljevic