Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for partitioned cookies #42307

Closed
miskr-instructure opened this issue Sep 13, 2024 · 2 comments
Closed

Add support for partitioned cookies #42307

miskr-instructure opened this issue Sep 13, 2024 · 2 comments
Labels
status: superseded An issue that has been superseded by another

Comments

@miskr-instructure
Copy link

miskr-instructure commented Sep 13, 2024
edited
Loading

Since the fix of spring-projects/spring-session#2787 the DefaultCookieSerializer of spring session now supports the partitioned attribute. However that attribute cannot be set via configuration, only by providing a custom
CookieSerializer Bean.

This application.yml does not work as one would intuitively expect:

server:
  servlet:
    session:
      cookie:
        same-site: 'none'
        partitioned: 'true'  # <-- no effect
        secure: 'true'       # <-- also no effect?

... it seems it's only possible to set the new value by providing a custom @Bean:

@Configuration
class CustomCookieSerializerConfig {
  @Bean
  CookieSerializer cookieSerializer() {
    var cookieSerializer = new DefaultCookieSerializer();
    cookieSerializer.setSameSite("None");
    cookieSerializer.setPartitioned(true);
    cookieSerializer.setUseSecureCookie(true);
    return cookieSerializer;
  }
}

The likely cause is missing implementation in org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration.createDefaultCookieSerializer()

Regarding affected versions:

  • "server.servlet.session.cookie.secure" doesn't work in spring boot 3.3.x (and probably never has based on git blame)
  • the partitioned feature will be a new one in spring boot 3.4.x which is not released yet (but it'd be nice if it worked by the time it goes GA)
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 13, 2024
@philwebb
Copy link
Member

We don't currently have support for partitioned, but I'm surprised to see secure not working. Are you sure that's the case @miskr-instructure?

@philwebb philwebb changed the title Cannot configure "secure" and "partitioned" attributes via "server.servlet.session.cookie" Add support for partitioned cookies Sep 13, 2024
@philwebb philwebb added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 13, 2024
@philwebb philwebb added this to the 3.4.x milestone Sep 13, 2024
nosan added a commit to nosan/spring-boot that referenced this issue Sep 15, 2024
@nosan
Add support for partitioned cookies
49eec0c 
spring-projectsgh-42307
@nosan nosan mentioned this issue Sep 15, 2024
Closed
@philwebb
Copy link
Member

Closing in favor of PR #42316. Thanks @nosan!

@philwebb philwebb closed this as not planned Won't fix, can't repro, duplicate, stale Sep 15, 2024
@philwebb philwebb added status: superseded An issue that has been superseded by another and removed type: enhancement A general enhancement labels Sep 15, 2024
@philwebb philwebb removed this from the 3.4.x milestone Sep 15, 2024
nosan added a commit to nosan/spring-boot that referenced this issue Sep 15, 2024
@nosan
Add support for partitioned cookies
3eca7a4 
spring-projectsgh-42307
nosan added a commit to nosan/spring-boot that referenced this issue Sep 15, 2024
@nosan
Add support for partitioned cookies
8a04295 
spring-projectsgh-42307
nosan added a commit to nosan/spring-boot that referenced this issue Sep 16, 2024
@nosan
Add support for partitioned cookies
e9f7765 
spring-projectsgh-42307
nosan added a commit to nosan/spring-boot that referenced this issue Sep 16, 2024
@nosan
Add support for partitioned cookies
fcd92f3 
spring-projectsgh-42307
nosan added a commit to nosan/spring-boot that referenced this issue Sep 16, 2024
@nosan
Add support for partitioned cookies
b133f5b 
spring-projectsgh-42307
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: superseded An issue that has been superseded by another
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@philwebb @spring-projects-issues @miskr-instructure