[jboss-jira] [JBoss JIRA] (WFLY-3050) '=' character removed from request cookie
roy mizrachi (JIRA)
issues at jboss.org
Thu Mar 20 06:28:10 EDT 2014
[ https://issues.jboss.org/browse/WFLY-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12954511#comment-12954511 ]
roy mizrachi edited comment on WFLY-3050 at 3/20/14 6:26 AM:
-------------------------------------------------------------
There should add "allow-equals-in-cookie-value" attribute to wildfly-undertow_1_0.xsd under http-listener.
The options already exists in io.undertow.UndertowOptions.
Will this be fixed in the near future and is there a bypass for this for final version?
This issue is a major issue and prevent me to migrate to jboss.
By the way the issue does not exists in wildfly 8 beta 1
Thanks
was (Author: roim):
Will this be fixed in the near future and is there a bypass for this for final version?
This issue is a major issue and prevent me to migrate to jboss.
By the way the issue does not exists in wildfly 8 beta 1
Thanks
> '=' character removed from request cookie
> ------------------------------------------
>
> Key: WFLY-3050
> URL: https://issues.jboss.org/browse/WFLY-3050
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web (Undertow)
> Affects Versions: 8.0.0.Final
> Environment: windows 7
> Reporter: roy mizrachi
> Assignee: Stuart Douglas
>
> I'm saving encrypted user token in session cookie:
> Cookie: JCORESESSIONID=aes256$/tew4VVsfdJ32iUX1AOqBGRb717TJC9KkejjAPl6BIAG6kCP4beSraL51eQG2iu5bV9uT3OsubXUcjO+sG2lYNWbu5NliQd361oUz2Yl4LQ=
> The problem is that in the server i see that the '=' character is removed hence i cannot decrypt it.
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list