]
Shane Bryzak updated SEAMSECURITY-9:
------------------------------------
Fix Version/s: Future
Cookies stored incorrectly when web application is deployed with
empty root path
---------------------------------------------------------------------------------
Key: SEAMSECURITY-9
URL:
https://issues.jboss.org/browse/SEAMSECURITY-9
Project: Seam Security
Issue Type: Bug
Environment: Firefox 3.0.x
Reporter: Evgeny Denisov
Assignee: Shane Bryzak
Labels: cookie, firefox, rememberme
Fix For: Future
There is a bug in that prevents RememberMe functionality to work properly. This occurs
when web application is deployed with empty context root path and can be reproduced in
Firefox 3.0.8.
There was similar bug reported earlier for Spring:
http://jira.springframework.org/browse/SEC-364
The cause is empty cookie path that set to "" in org.jboss.seam.faces.Selector
when context root of deployed web app is empty. An empty cookie path results in
inconsistent behavior at least between ie and firefox: ie presumes "/" whereas
firefox presumes the leading path for the current request. Chrome 1.0 also does not like
empty cookie path.
The bug can be fixed if method
public void setCookiePath(String cookiePath)
of org.jboss.seam.faces.Selector
will be modified in the same way:
public void setCookiePath(String cookiePath)
{
/* firefox does not like empty cookie path */
if (cookiePath == null || cookiePath.isEmpty()) {
this.cookiePath = "/";
} else {
this.cookiePath = cookiePath;
}
}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: