[jboss-jira] [JBoss JIRA] Updated: (AS7-1283) Cookie-Based Sessions Broken
Jason Greene (JIRA)
jira-events at lists.jboss.org
Thu Jul 14 09:41:23 EDT 2011
[ https://issues.jboss.org/browse/AS7-1283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Greene updated AS7-1283:
------------------------------
Fix Version/s: 7.0.1.Final
> Cookie-Based Sessions Broken
> ----------------------------
>
> Key: AS7-1283
> URL: https://issues.jboss.org/browse/AS7-1283
> Project: Application Server 7
> Issue Type: Bug
> Affects Versions: 7.0.0.Final
> Reporter: Benjamin Browning
> Assignee: Remy Maucherat
> Priority: Blocker
> Fix For: 7.0.1.Final
>
>
> See http://community.jboss.org/message/612763 and http://lists.jboss.org/pipermail/jboss-as7-dev/2011-July/003120.html.
> Essentially cookie-based sessions are broken in major browsers and curl unless -Dorg.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false is passed on boot. It's likely a large percentage of the people that try AS7 Final will run into this issue and have to spend time trying to figure out why sessions aren't working.
> To summarize the above links, what's happening is the cookie's Path value is being enclosed in quotes. Browsers don't expect this and thus when the browser receives a cookie it doesn't send that cookie back on subsequent requests because the browser doesn't think the cookie's Path value matches the user's path.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list