Enhance Remember Me Feature for Login #103
Conversation
There was a problem hiding this comment.
Pull Request Overview
This pull request enhances the "Remember Me" functionality by storing the username in a cookie during user login.
- Updated the login page to include a "Remember Me" checkbox.
- Modified the SecurityConfig to configure remember-me properties.
- Updated the AppController to create a cookie when the remember-me option is selected.
Reviewed Changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/test/java/net/codejava/JUnit5ExampleTest12.java | Added test cases for search feature settings. |
| src/main/resources/templates/login.html | Added UI element for the "Remember Me" feature. |
| src/main/java/net/codejava/SecurityConfig.java | Configured remember-me options including token validity. |
| src/main/java/net/codejava/AppController.java | Updated login POST method to handle remember-me cookie creation. |
Files not reviewed (1)
- build_and_run_app.sh: Language not supported
| if (rememberMe) { | ||
| // Set a cookie for "Remember Me" | ||
| javax.servlet.http.Cookie rememberMeCookie = new javax.servlet.http.Cookie("rememberMe", username); | ||
| rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days |
There was a problem hiding this comment.
Replace the magic number for the cookie's max age with a named constant to improve maintainability.
Copilot uses AI. Check for mistakes.
| .rememberMe() | ||
| .key("uniqueAndSecret") | ||
| .rememberMeParameter("rememberMe") | ||
| .tokenValiditySeconds(7 * 24 * 60 * 60) // 7 days |
There was a problem hiding this comment.
Replace the magic number for token validity seconds with a well-named constant to avoid duplication and improve clarity.
Copilot uses AI. Check for mistakes.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days | ||
| rememberMeCookie.setHttpOnly(true); | ||
| rememberMeCookie.setPath("/"); | ||
| response.addCookie(rememberMeCookie); |
Check warning
Code scanning / CodeQL
Failure to use secure cookies Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 1 month ago
To fix the issue, the secure flag must be explicitly set on the rememberMeCookie before adding it to the response. This ensures that the cookie is only sent over HTTPS connections, mitigating the risk of interception. The change involves calling the setSecure(true) method on the rememberMeCookie object before the response.addCookie(rememberMeCookie) line.
| @@ -181,5 +181,6 @@ | ||
| rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days | ||
| rememberMeCookie.setHttpOnly(true); | ||
| rememberMeCookie.setPath("/"); | ||
| response.addCookie(rememberMeCookie); | ||
| rememberMeCookie.setHttpOnly(true); | ||
| rememberMeCookie.setSecure(true); | ||
| rememberMeCookie.setPath("/"); | ||
| response.addCookie(rememberMeCookie); | ||
| } |
| rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days | ||
| rememberMeCookie.setHttpOnly(true); | ||
| rememberMeCookie.setPath("/"); | ||
| response.addCookie(rememberMeCookie); |
Check warning
Code scanning / CodeQL
HTTP response splitting Medium
Copilot Autofix
AI about 1 month ago
Copilot could not generate an autofix suggestion
Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.
This pull request enhances the "Remember Me" feature for the login functionality:
AppController.javato store the username in the "Remember Me" cookie for better functionality.This improvement ensures that the username is retained securely for a better user experience. Please review the changes and provide feedback.