I try to implement a Remember Me function based on
http://jaspan.com/improved_persistent_login_cookie_best_practice
Therefor I have a CheckBox to activate the cookie and persiste the data into the database. (It’s just test code so dont bother if there’s some stupid stuff in it.
private void updateOrCreateCookie(String email, String series, String token) {
String cookieValue = "user:" + email + ";series=" + series + ";token=" + token + ";";
Cookie updatedCookie = new Cookie(Constants.COOKIE_NAME.getValue(), cookieValue);
//updatedCookie.setHttpOnly(true);
Cookie[] cookies = VaadinService.getCurrentRequest().getCookies();
for (Cookie cookie : cookies) {
if (cookie.getName().equals(Constants.COOKIE_NAME.getValue())) {
updatedCookie = cookie;
updatedCookie.setValue(cookieValue);
}
}
log.warning("Cookie created: "+updatedCookie.getName()+" "+updatedCookie.getValue());
VaadinService.getCurrentResponse().addCookie(updatedCookie);
}
I call that method after a user signed-in successfully
On the logout Button ill set the MaxAge of the cookie to 0 → delete it
After I activated setHttpOnly(true); I got the “Cookies disabled” message on the screen as soon as I check the Remember-Me Checkbox.
When I deactivate httpOnly the message stays…
So here’s my questions:
- On what grounds decides vaadin to show such a message (I have cookies activated in Chrome and Safari)
- Can I do something against it?
I read some posts about that Cookies can only by Created / Updated in the MainViews’ init method… if thats the case ok but will that stay like that with 7.0.0-Release?
Btw. the application is running on Jboss AS 7.1.1