]
Tobias Hill commented on JBSEAM-3885:
-------------------------------------
Actually the "remember me"s current rigid cookie path settings made it
impossible to
integrate it with our seam application. In our application it is possible to login from
plenty
of paths disjunct from the total space of paths for the app.
We just had to roll our own "rememberme" ... : (
Make CookiePath for RememberMe cookies optionally fixed
-------------------------------------------------------
Key: JBSEAM-3885
URL:
https://jira.jboss.org/jira/browse/JBSEAM-3885
Project: Seam
Issue Type: Feature Request
Components: Security
Affects Versions: 2.1.1.GA
Reporter: Klaasjan te Voortwis
Assignee: Shane Bryzak
The RememberMe cookies are stored on the same path as where the page was served from.
When providing a user/pass field in the top of all pages, a user can for example
- log in on
http://domain.name/issuesystem/issue/create.seam, and mark RememberMe true
- come back to the site
http://domain.name/someotherpath, and now the user is not logged
in
(optionally) fixing the CookiePath for the RememberMe cookies to "/" instead of
ctx.getExternalContext().getRequestContextPath() will solve this issue.
Setting the cookiePath is done in RememberMe.java on lines 221 and 238.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: