Expected Behavior
Maximum age of cookies created by CookieCsrfTokenRepository should be configurable.
Current Behavior
Currently, CookieCsrfTokenRepository generates cookies with a maximum age value of -1.
Context
Currently, CookieCsrfTokenRepository generates cookies with a maximum age value of -1.
This means the cookie will expire as soon as the browser is closed.
Under some circumstances, a cookie with a specific maximum age may be desired.
I was faced with a security tester who did not approve my project's production deployment
until I set a maximum age value on the CSRF token cookie. Now I have to extend CookieCsrfTokenRepository
and override its behavior in every project that my team has developed.
I've implemented this feature and I want to send a pull request.