Commit

- Added a makeTransient property for the authenticator cookie.
- Fixed: absolute timeout was not being picked up from the conf file
jaliss committed Feb 25, 2013
1 parent a9ca40e commit 7f3b7ba
Showing 3 changed files with 9 additions and 2 deletions.
2 changes: 2 additions & 0 deletions ChangeLog
@@ -1,4 +1,6 @@
master
- Added a makeTransient property for the authenticator cookie.
- Fixed: absolute timeout was not being picked up from the conf file
- Fixed wrong logout implementation
- Made SecureSocial compatible with Play 2.1.
2.0.11 - 2013-02-21
2 changes: 2 additions & 0 deletions docs/src/manual/source/guide/configuration.md
Expand Up @@ -50,6 +50,8 @@ SecureSocial uses a cookie to trace authenticated users. A `cookie` section can

- `absoluteTimeOutInMinutes`: The amount of time the session id will be valid since the user authenticated. After this the user will need to re-authenticate (defaults to 720 minutes - 12 hours)

- `makeTransient`: Makes the cookie transient (defaults to true). Transient cookie are recommended because the cookie dissapears when the browser is closed. If set to false, the cookie will survive browser restarts and the user won't need to login again (as long as the idle and absolute timeouts have not been passed).

## Sample configuration

All the settings go inside a `securesocial` section as shown below:
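Review bot: the guide spells the setting `absoluteTimeOutInMinutes` (capital "O") in the entry just above the new one, while the key read in Authenticator.scala is `securesocial.cookie.absoluteTimeoutInMinutes`. Configuration keys are case-sensitive, so a value entered with the guide's spelling would be ignored; align the guide with the code. In the new `makeTransient` entry, "Transient cookie are" should read "Transient cookies are" and "dissapears" should read "disappears", and the entry should state that with `makeTransient` set to false the cookie's max-age is the absolute timeout, since that is what the code change in this commit sets.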
7 changes: 5 additions & 2 deletions module-code/app/securesocial/core/Authenticator.scala
Expand Up @@ -48,7 +48,7 @@ case class Authenticator(id: String, userId: UserId, creationDate: DateTime,
Cookie(
cookieName,
id,
Transient,
if ( makeTransient ) Transient else Some(absoluteTimeoutInSeconds),
cookiePath,
cookieDomain,
secure = cookieSecure,
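Review bot: in the `Cookie(...)` call, `Some(absoluteTimeoutInSeconds)` gives the persistent cookie the full configured lifetime each time the cookie is built, independent of this authenticator's own `expirationDate`. If the cookie is sent again later in the session, the browser will keep it past the point where the session has expired on the server. Consider deriving the max-age from the time remaining until `expirationDate` (floored at zero) so the browser-side and server-side limits agree.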
Expand Down Expand Up @@ -174,6 +174,7 @@ object Authenticator {
val ApplicationContext = "application.context"
val IdleTimeoutKey = "securesocial.cookie.idleTimeoutInMinutes"
val AbsoluteTimeoutKey = "securesocial.cookie.absoluteTimeoutInMinutes"
val TransientKey = "securesocial.cookie.makeTransient"

// default values
val DefaultCookieName = "id"
Expand All @@ -193,6 +194,8 @@ object Authenticator {
lazy val cookieHttpOnly = Play.application.configuration.getBoolean(CookieHttpOnlyKey).getOrElse(DefaultCookieHttpOnly)
lazy val idleTimeout = Play.application.configuration.getInt(IdleTimeoutKey).getOrElse(DefaultIdleTimeout)
lazy val absoluteTimeout = Play.application.configuration.getInt(AbsoluteTimeoutKey).getOrElse(DefaultAbsoluteTimeout)
lazy val absoluteTimeoutInSeconds = absoluteTimeout * 60
lazy val makeTransient = Play.application.configuration.getBoolean(TransientKey).getOrElse(true)

val discardingCookie: DiscardingCookie = {
DiscardingCookie(cookieName, cookiePath, cookieDomain, cookieSecure)
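Review bot: `absoluteTimeoutInSeconds = absoluteTimeout * 60` uses the configured value unchecked, so a zero or negative `absoluteTimeoutInMinutes` in the conf file becomes a non-positive cookie max-age when `makeTransient` is false, and a very large value overflows `Int`. Reject or clamp out-of-range values where `absoluteTimeout` is read. Separately, `getOrElse(true)` on the `makeTransient` line is the only inline default in this block; a named `DefaultMakeTransient` beside the other `Default...` constants would match the surrounding style.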
Expand All @@ -207,7 +210,7 @@ object Authenticator {
def create(user: Identity): Either[Error, Authenticator] = {
val id = use[IdGenerator].generate
val now = DateTime.now()
val expirationDate = now.plusMinutes(DefaultAbsoluteTimeout)
val expirationDate = now.plusMinutes(absoluteTimeout)
val authenticator = Authenticator(id, user.id, now, now, expirationDate)
val r = use[AuthenticatorStore].save(authenticator)
val result = r.fold( e => Left(e), _ => Right(authenticator) )
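Review bot: no test accompanies the replacement of `DefaultAbsoluteTimeout` with `absoluteTimeout` in `create`; the three files in this commit are the ChangeLog, the configuration guide and Authenticator.scala. A test that sets `securesocial.cookie.absoluteTimeoutInMinutes` to a non-default value and checks the resulting `expirationDate` would keep the hardcoded default from coming back.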