Fixed cookie expiry issues

- Fixed cookie cleanup task expiring cookies right away due to the < sign being the wrong way around
- Fixed cookies not being removed from browser due to Max-Age=1 instead of Max-Age=0

Affects issues:
- Fixed #2236
Risto Lahtela 2022-01-30 09:18:12 +02:00
parent ecff809785
commit d831bdc9e5
3 changed files with 18 additions and 4 deletions


@ -146,7 +146,7 @@ public class RequestHandler implements HttpHandler {
String directTo = StringUtils.startsWithAny(from, "/auth/", "/login") ? "/login" : "/login?from=." + from; String directTo = StringUtils.startsWithAny(from, "/auth/", "/login") ? "/login" : "/login?from=." + from;
response = Response.builder() response = Response.builder()
.redirectTo(directTo) .redirectTo(directTo)
.setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=1; SameSite=Lax; Secure;") .setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=0; SameSite=Lax; Secure;")
.build(); .build();
} }
} }


@ -17,9 +17,12 @@
package com.djrapitops.plan.delivery.webserver.auth; package com.djrapitops.plan.delivery.webserver.auth;
import com.djrapitops.plan.TaskSystem; import com.djrapitops.plan.TaskSystem;
import com.djrapitops.plan.settings.config.PlanConfig;
import com.djrapitops.plan.settings.config.paths.PluginSettings;
import dagger.Lazy; import dagger.Lazy;
import net.playeranalytics.plugin.scheduling.RunnableFactory; import net.playeranalytics.plugin.scheduling.RunnableFactory;
import net.playeranalytics.plugin.scheduling.TimeAmount; import net.playeranalytics.plugin.scheduling.TimeAmount;
import net.playeranalytics.plugin.server.PluginLogger;
import javax.inject.Inject; import javax.inject.Inject;
import javax.inject.Singleton; import javax.inject.Singleton;
@ -32,13 +35,17 @@ import java.util.concurrent.TimeUnit;
@Singleton @Singleton
public class ActiveCookieExpiryCleanupTask extends TaskSystem.Task { public class ActiveCookieExpiryCleanupTask extends TaskSystem.Task {
private final PlanConfig config;
private final Lazy<ActiveCookieStore> activeCookieStore; private final Lazy<ActiveCookieStore> activeCookieStore;
private final PluginLogger logger;
private final Map<String, Long> expiryDates; private final Map<String, Long> expiryDates;
@Inject @Inject
public ActiveCookieExpiryCleanupTask(Lazy<ActiveCookieStore> activeCookieStore) { public ActiveCookieExpiryCleanupTask(PlanConfig config, Lazy<ActiveCookieStore> activeCookieStore, PluginLogger logger) {
this.config = config;
this.activeCookieStore = activeCookieStore; this.activeCookieStore = activeCookieStore;
this.logger = logger;
this.expiryDates = new ConcurrentHashMap<>(); this.expiryDates = new ConcurrentHashMap<>();
} }
@ -56,14 +63,21 @@ public class ActiveCookieExpiryCleanupTask extends TaskSystem.Task {
Set<String> removed = new HashSet<>(); Set<String> removed = new HashSet<>();
for (Map.Entry<String, Long> entry : expiryDates.entrySet()) { for (Map.Entry<String, Long> entry : expiryDates.entrySet()) {
Long expiryTime = entry.getValue(); Long expiryTime = entry.getValue();
if (expiryTime >= time) { if (config.isTrue(PluginSettings.DEV_MODE)) {
logger.info("Cookie " + entry.getKey() + " will expire " + expiryTime);
}
if (expiryTime <= time) {
String cookie = entry.getKey(); String cookie = entry.getKey();
activeCookieStore.get().removeCookie(cookie); activeCookieStore.get().removeCookie(cookie);
removed.add(cookie);
} }
} }
for (String removedCookie : removed) { for (String removedCookie : removed) {
expiryDates.remove(removedCookie); expiryDates.remove(removedCookie);
if (config.isTrue(PluginSettings.DEV_MODE)) {
logger.info("Cookie " + removedCookie + " has expired: " + time);
}
} }
} }
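Review bot: The new dev-mode line `logger.info("Cookie " + entry.getKey() + " will expire " + expiryTime)` writes the map key to the log for every entry on every run, including entries that have not expired yet. That key is the same string later passed to `removeCookie(cookie)`, so it appears to be the live auth cookie value; anyone who can read the log could then replay a still-valid session. Log a non-secret identifier instead, for example `logger.info("Cookie #" + Integer.toHexString(entry.getKey().hashCode()) + " will expire " + expiryTime);`, and do the same for the "has expired" message in the second loop. The enclosing method starts outside the hunk, so how `time` is computed is not visible here.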


@ -63,7 +63,7 @@ public class LogoutResolver implements NoAuthResolver {
public Response getResponse() { public Response getResponse() {
return Response.builder() return Response.builder()
.redirectTo("/login") .redirectTo("/login")
.setHeader("Set-Cookie", "auth=expired; Max-Age=1; SameSite=Lax; Secure;") .setHeader("Set-Cookie", "auth=expired; Max-Age=0; SameSite=Lax; Secure;")
.build(); .build();
} }
} }
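Review bot: The Set-Cookie header in `getResponse()` has no `Path` attribute, while the equivalent expiry header in RequestHandler is sent with `Path=/`. A browser only overwrites a cookie whose name, domain and path match, and a missing Path defaults to one derived from the request URL. If the auth cookie is issued with `Path=/` (the code that sets it is not visible here) and logout is served from a sub-path, this `Max-Age=0` cookie would not remove it and the stale value would stay in the browser. Consider `.setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=0; SameSite=Lax; Secure;")`, ideally taken from one constant shared with RequestHandler so the two cannot drift apart again.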