Use secure session cookie
oharsta committed Oct 9, 2023
1 parent 4eb6662 commit 1a3c126
Showing 2 changed files with 13 additions and 0 deletions.
9 changes: 9 additions & 0 deletions server/src/main/java/access/security/SecurityConfig.java
Expand Up @@ -28,6 +28,8 @@
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
Expand Down Expand Up @@ -114,6 +116,13 @@ public void addCorsMappings(CorsRegistry registry) {
}
}

@Bean
public CookieSerializer cookieSerializer() {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setUseSecureCookie(true);
return serializer;
}

@Bean
@Order(1)
SecurityFilterChain sessionSecurityFilterChain(HttpSecurity http,
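Review bot: The new `cookieSerializer()` bean hard-codes `setUseSecureCookie(true)`, and Spring Boot's session auto-configuration normally stops building its own serializer from `server.servlet.session.cookie.*` once the application defines a `CookieSerializer` bean. If that applies here, the `secure: true` added to application.yml in this same commit does not drive this cookie, and a later `same-site` or `http-only` property would be silently ignored for it. Either drop the bean and rely on the property, or bind the flag so there is one source of truth, e.g. declare the method as `public CookieSerializer cookieSerializer(@Value("${server.servlet.session.cookie.secure:true}") boolean secure)` and call `serializer.setUseSecureCookie(secure);`. A one-line Javadoc such as `/** Forces the Secure attribute on the session cookie instead of deriving it from request.isSecure(). */` would record why the default is overridden. The enclosing configuration class and the following `sessionSecurityFilterChain` method extend beyond the hunk, so whether Spring Session is the active session store is inferred from the imports only.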
4 changes: 4 additions & 0 deletions server/src/main/resources/application.yml
Expand Up @@ -12,6 +12,10 @@ server:
path: "/error"
include-message: always
forward-headers-strategy: framework
servlet:
session:
cookie:
secure: true

spring:
main:
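Review bot: Only `secure: true` is set under `server.servlet.session.cookie`, so the cookie's `HttpOnly` and `SameSite` attributes still depend on container or framework defaults that are not visible in this file. Stating them next to it, e.g. `http-only: true` and `same-site: lax`, keeps the whole cookie policy reviewable in one place; `same-site` is only bound by newer Spring Boot releases, so confirm it against the version in use. The setting is also unconditional across profiles, so any plain-HTTP environment may stop returning the session cookie; a comment such as `# Secure flag: session cookie is only sent over HTTPS; override in a local profile if needed` would make that intent explicit. The `server:` block starts above the hunk.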
