Enhance Remember Me Feature for Login #103
Pull Request Overview
This pull request enhances the "Remember Me" functionality by storing the username in a cookie during user login.
- Updated the login page to include a "Remember Me" checkbox.
- Modified the SecurityConfig to configure remember-me properties.
- Updated the AppController to create a cookie when the remember-me option is selected.
Reviewed Changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.
File | Description |
---|---|
src/test/java/net/codejava/JUnit5ExampleTest12.java | Added test cases for search feature settings. |
src/main/resources/templates/login.html | Added UI element for the "Remember Me" feature. |
src/main/java/net/codejava/SecurityConfig.java | Configured remember-me options including token validity. |
src/main/java/net/codejava/AppController.java | Updated login POST method to handle remember-me cookie creation. |
Files not reviewed (1)
- build_and_run_app.sh: Language not supported
if (rememberMe) { | ||
// Set a cookie for "Remember Me" | ||
javax.servlet.http.Cookie rememberMeCookie = new javax.servlet.http.Cookie("rememberMe", username); | ||
rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days |
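Review bot: `new javax.servlet.http.Cookie("rememberMe", username)` puts the submitted username into the cookie value as-is, with no validation visible before the constructor call. Check the username against a strict allowlist (or encode it) before building the cookie, and skip setting the cookie when the check fails.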
Replace the magic number for the cookie's max age with a named constant to improve maintainability.
.rememberMe() | ||
.key("uniqueAndSecret") | ||
.rememberMeParameter("rememberMe") | ||
.tokenValiditySeconds(7 * 24 * 60 * 60) // 7 days |
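Review bot: `.key("uniqueAndSecret")` hard-codes the remember-me key in source, so everyone with read access to the repository knows it and it cannot be rotated without a code change. Load it from externalised configuration or a secret store instead; the `7 * 24 * 60 * 60` literal can move to a shared constant in the same change.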
Replace the magic number for token validity seconds with a well-named constant to avoid duplication and improve clarity.
rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days | ||
rememberMeCookie.setHttpOnly(true); | ||
rememberMeCookie.setPath("/"); | ||
response.addCookie(rememberMeCookie); |
Check warning
Code scanning / CodeQL
Failure to use secure cookies Medium
Copilot Autofix
AI about 1 month ago
To fix the issue, the `secure` flag must be explicitly set on the `rememberMeCookie` before adding it to the response. This ensures that the cookie is only sent over HTTPS connections, mitigating the risk of interception. The change involves calling the `setSecure(true)` method on the `rememberMeCookie` object before the `response.addCookie(rememberMeCookie)` line.
@@ -181,5 +181,6 @@ | ||
rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days | ||
rememberMeCookie.setHttpOnly(true); | ||
rememberMeCookie.setPath("/"); | ||
response.addCookie(rememberMeCookie); | ||
rememberMeCookie.setHttpOnly(true); | ||
rememberMeCookie.setSecure(true); | ||
rememberMeCookie.setPath("/"); | ||
response.addCookie(rememberMeCookie); | ||
} |
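Review bot: the cookie gets `setHttpOnly(true)`, `setSecure(true)` and `setPath("/")` but no SameSite attribute, and `javax.servlet.http.Cookie` has no setter for one. If this cookie should not be sent on cross-site requests, emit the `Set-Cookie` header through a mechanism that supports SameSite, for example Spring's `ResponseCookie`.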
rememberMeCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days | ||
rememberMeCookie.setHttpOnly(true); | ||
rememberMeCookie.setPath("/"); | ||
response.addCookie(rememberMeCookie); |
Check warning
Code scanning / CodeQL
HTTP response splitting Medium
user-provided value
Copilot Autofix
AI about 1 month ago
Copilot could not generate an autofix suggestion
Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.
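One way to address the response-splitting alert, shown as an added example that is not code from this pull request or from Copilot Autofix: validate the username against an allowlist before it reaches a cookie, and set the attributes in one place. The class name, the username policy, the `SameSite=Lax` choice and the sample inputs are assumptions made for the illustration.

```java
import java.time.Duration;
import java.util.Optional;
import java.util.regex.Pattern;

public class RememberMeCookieExample {
    // Named constant replacing the repeated 7 * 24 * 60 * 60 literal.
    static final Duration REMEMBER_ME_TTL = Duration.ofDays(7);

    // Assumed username policy (not taken from the project): letters, digits
    // and . _ @ - only, 1 to 64 characters. Every allowed character is a
    // legal cookie-octet, so no further encoding is needed.
    private static final Pattern USERNAME =
            Pattern.compile("[A-Za-z0-9._@-]{1,64}");

    /**
     * Returns the Set-Cookie header value for a valid username, or empty
     * when the username fails the allowlist (CR, LF, ';', ',', spaces and
     * any other separator are rejected, so no header can be injected).
     */
    static Optional<String> buildSetCookie(String username) {
        if (username == null || !USERNAME.matcher(username).matches()) {
            return Optional.empty();
        }
        return Optional.of("rememberMe=" + username
                + "; Max-Age=" + REMEMBER_ME_TTL.getSeconds()
                + "; Path=/; Secure; HttpOnly; SameSite=Lax");
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two ordinary names and two that
        // contain header or cookie separators.
        String[] samples = {
            "alice",
            "bob@example.com",
            "eve\r\nX-Injected: 1",
            "a;b"
        };
        for (String s : samples) {
            System.out.println(buildSetCookie(s).orElse("rejected"));
        }
    }
}
```

In the controller, the returned string would be passed to `response.addHeader("Set-Cookie", ...)` only when the `Optional` is present.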
This pull request enhances the "Remember Me" feature for the login functionality:
- AppController.java to store the username in the "Remember Me" cookie for better functionality.

This improvement ensures that the username is retained securely for a better user experience. Please review the changes and provide feedback.