[seam-issues] [JBoss JIRA] Updated: (SEAMSECURITY-9) Cookies stored incorrectly when web application is deployed with empty root path

Cookies stored incorrectly when web application is deployed with empty root path --------------------------------------------------------------------------------- Key: SEAMSECURITY-9 URL: https://issues.jboss.org/browse/SEAMSECURITY-9 Project: Seam Security Issue Type: Bug Environment: Firefox 3.0.x Reporter: Evgeny Denisov Assignee: Shane Bryzak Labels: cookie, firefox, rememberme Fix For: Future There is a bug in that prevents RememberMe functionality to work properly. This occurs when web application is deployed with empty context root path and can be reproduced in Firefox 3.0.8. There was similar bug reported earlier for Spring: http://jira.springframework.org/browse/SEC-364 The cause is empty cookie path that set to "" in org.jboss.seam.faces.Selector when context root of deployed web app is empty. An empty cookie path results in inconsistent behavior at least between ie and firefox: ie presumes "/" whereas firefox presumes the leading path for the current request. Chrome 1.0 also does not like empty cookie path. The bug can be fixed if method public void setCookiePath(String cookiePath) of org.jboss.seam.faces.Selector will be modified in the same way: public void setCookiePath(String cookiePath) { /* firefox does not like empty cookie path */ if (cookiePath == null || cookiePath.isEmpty()) { this.cookiePath = "/"; } else { this.cookiePath = cookiePath; } }