Short time-to-life for registration cookie

OpenConext · Dec 15, 2023 · 5a49eb4 · 5a49eb4
1 parent bb03b16
commit 5a49eb4
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/myconext-server/src/main/java/myconext/api/LoginController.java b/myconext-server/src/main/java/myconext/api/LoginController.java
@@ -93,7 +93,8 @@ public Map<String, Object> config() {
     public void register(@RequestParam(value = "lang", required = false, defaultValue = "en") String lang,
                          @RequestParam(value = "location", required = false) String location,
                          HttpServletResponse response) throws IOException {
-        response.setHeader("Set-Cookie", REGISTER_MODUS_COOKIE_NAME + "=true; SameSite=None" + (secureCookie ? "; Secure" : ""));
+        String cookieValue = String.format("%s=true; Max-Age=%s; SameSite=None%s", REGISTER_MODUS_COOKIE_NAME, 60 * 10, secureCookie ? "; Secure" : "");
+        response.setHeader("Set-Cookie", cookieValue);
         String redirectLocation = StringUtils.hasText(location) ? location : this.config.get("eduIDLoginUrl") + "&lang=" + lang;
         response.sendRedirect(redirectLocation);
     }