Skip to content

Enhance Remember Me Feature for Login #103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

Enhance Remember Me Feature for Login #103

wants to merge 3 commits into from

Conversation

tsviz
Copy link
Contributor

@tsviz tsviz commented Apr 21, 2025

This pull request enhances the "Remember Me" feature for the login functionality:

  1. Backend Changes:
    • Updated AppController.java to store the username in the "Remember Me" cookie for better functionality.

This improvement ensures that the username is retained securely for a better user experience. Please review the changes and provide feedback.

@tsviz tsviz requested a review from Copilot April 21, 2025 15:26
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request enhances the "Remember Me" functionality by storing the username in a cookie during user login.

  • Updated the login page to include a "Remember Me" checkbox.
  • Modified the SecurityConfig to configure remember-me properties.
  • Updated the AppController to create a cookie when the remember-me option is selected.

Reviewed Changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.

File Description
src/test/java/net/codejava/JUnit5ExampleTest12.java Added test cases for search feature settings.
src/main/resources/templates/login.html Added UI element for the "Remember Me" feature.
src/main/java/net/codejava/SecurityConfig.java Configured remember-me options including token validity.
src/main/java/net/codejava/AppController.java Updated login POST method to handle remember-me cookie creation.
Files not reviewed (1)
  • build_and_run_app.sh: Language not supported

if (rememberMe) {
// Set a cookie for "Remember Me"
javax.servlet.http.Cookie rememberMeCookie = new javax.servlet.http.Cookie("rememberMe", username);
rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days
Copy link
Preview

Copilot AI Apr 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace the magic number for the cookie's max age with a named constant to improve maintainability.

Copilot uses AI. Check for mistakes.

.rememberMe()
.key("uniqueAndSecret")
.rememberMeParameter("rememberMe")
.tokenValiditySeconds(7 * 24 * 60 * 60) // 7 days
Copy link
Preview

Copilot AI Apr 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace the magic number for token validity seconds with a well-named constant to avoid duplication and improve clarity.

Copilot uses AI. Check for mistakes.

rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days
rememberMeCookie.setHttpOnly(true);
rememberMeCookie.setPath("/");
response.addCookie(rememberMeCookie);

Check warning

Code scanning / CodeQL

Failure to use secure cookies Medium

Cookie is added to response without the 'secure' flag being set.

Copilot Autofix

AI about 1 month ago

To fix the issue, the secure flag must be explicitly set on the rememberMeCookie before adding it to the response. This ensures that the cookie is only sent over HTTPS connections, mitigating the risk of interception. The change involves calling the setSecure(true) method on the rememberMeCookie object before the response.addCookie(rememberMeCookie) line.


Suggested changeset 1
src/main/java/net/codejava/AppController.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/main/java/net/codejava/AppController.java b/src/main/java/net/codejava/AppController.java
--- a/src/main/java/net/codejava/AppController.java
+++ b/src/main/java/net/codejava/AppController.java
@@ -181,5 +181,6 @@
 				rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days
-				rememberMeCookie.setHttpOnly(true);
-				rememberMeCookie.setPath("/");
-				response.addCookie(rememberMeCookie);
+				rememberMeCookie.setHttpOnly(true);
+				rememberMeCookie.setSecure(true);
+				rememberMeCookie.setPath("/");
+				response.addCookie(rememberMeCookie);
 			}
EOF
@@ -181,5 +181,6 @@
rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days
rememberMeCookie.setHttpOnly(true);
rememberMeCookie.setPath("/");
response.addCookie(rememberMeCookie);
rememberMeCookie.setHttpOnly(true);
rememberMeCookie.setSecure(true);
rememberMeCookie.setPath("/");
response.addCookie(rememberMeCookie);
}
Copilot is powered by AI and may make mistakes. Always verify output.
rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days
rememberMeCookie.setHttpOnly(true);
rememberMeCookie.setPath("/");
response.addCookie(rememberMeCookie);

Check warning

Code scanning / CodeQL

HTTP response splitting Medium

This header depends on a
user-provided value
, which may cause a response-splitting vulnerability.

Copilot Autofix

AI about 1 month ago

Copilot could not generate an autofix suggestion

Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.

@tsviz tsviz closed this Apr 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant