[
https://jira.jboss.org/jira/browse/JBSEAM-4398?page=com.atlassian.jira.pl...
]
Sangeetha Radhakrishnan commented on JBSEAM-4398:
-------------------------------------------------
Hi Miguel,
Add the following line in your run.bat file:
set JAVA_OPTS=%JAVA_OPTS% "-Dorg.apache.catalina.
STRICT_SERVLET_COMPLIANCE=false"
This may fix your problem.
RememberMe Issue - Base 64 encoded cookie containing '=' is
not processed correctly in some cases
-------------------------------------------------------------------------------------------------
Key: JBSEAM-4398
URL:
https://jira.jboss.org/jira/browse/JBSEAM-4398
Project: Seam
Issue Type: Bug
Affects Versions: 2.1.2.GA, 2.2.0.GA
Environment: Observed on Windows Vista, JBoss 5.1.0 GA. Problem likely exists on
other operating systems and other Tomcat 6 based systems.
Reporter: Peter Goldstein
When attempting to use the RememberMe component in auto-login mode I discovered a bug in
the cookie handling of this component.
When attempting to log using an auth token I was encountering repeated failures - the
token was simply not being found in the database. After some investigation I discovered
that the problem was that the value parameter passed into the query was truncated by one
character - the last character was cut off.
I tracked the problem further back, and discovered that the truncated value originated in
JBoss' Tomcat. The cookie value being passed in was missing the last two '='
characters.
Some Google searching revealed that this was deliberate - Tomcat 6 in the JBoss 5.1.0 GA
configuration enforces strict character rules in the cookie value, which excludes
'='.
I'm not sure if Tomcat 6 is 'right' or not, but I do know that either way,
this is a trivial issue to address on the Seam side.
All one has to do is replace the '=' from the Base64 encoded token value with
another allowed character (say '_' or '-') before placing it in a cookie,
and reverse the process when reading a cookie.
I have a patch for this issue on the 2.2.0 GA code. I simply need to know how to submit
it.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira