[seam-issues] [JBoss JIRA] Resolved: (JBSEAM-4660) RememberMe adds invalid path to Cookie
[
https://jira.jboss.org/browse/JBSEAM-4660?page=com.atlassian.jira.plugin....
]
Shane Bryzak resolved JBSEAM-4660.
----------------------------------
Assignee: Shane Bryzak
Resolution: Duplicate Issue
Dupe of SEAMSECURITY-9
RememberMe adds invalid path to Cookie
--------------------------------------
Key: JBSEAM-4660
URL: https://jira.jboss.org/browse/JBSEAM-4660
Project: Seam
Issue Type: Bug
Components: Security
Affects Versions: 2.2.0.GA
Reporter: Florian Specker
Assignee: Shane Bryzak
When deploying into the root context of JBoss AS (war-file is names ROOT.war), the
context path is the empty string. RememberMe checks the context path against null values
before adding setting it in the Cookie, but not against empty values. A Cookie with the
path set to "" is refused by some browsers (tested on Safari on iPhoneOS 3.1.3).
When the path is set to /, the Cookie is accepted as expected.
As a workaround, I subclassed RememberMe and overwrote getCookiePath():
@Override
public String getCookiePath() {
// do not send empty path - this confuses safari for iPhone
String path = super.getCookiePath();
return "".equals(path) ? "/" : path;
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira