[jboss-jira] [JBoss JIRA] Assigned: (AS7-1283) Cookie-Based Sessions Broken

Cookie-Based Sessions Broken ---------------------------- Key: AS7-1283 URL: https://issues.jboss.org/browse/AS7-1283 Project: Application Server 7 Issue Type: Bug Affects Versions: 7.0.0.Final Reporter: Benjamin Browning Assignee: Remy Maucherat Priority: Blocker See http://community.jboss.org/message/612763 and http://lists.jboss.org/pipermail/jboss-as7-dev/2011-July/003120.html. Essentially cookie-based sessions are broken in major browsers and curl unless -Dorg.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false is passed on boot. It's likely a large percentage of the people that try AS7 Final will run into this issue and have to spend time trying to figure out why sessions aren't working. To summarize the above links, what's happening is the cookie's Path value is being enclosed in quotes. Browsers don't expect this and thus when the browser receives a cookie it doesn't send that cookie back on subsequent requests because the browser doesn't think the cookie's Path value matches the user's path.