[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3885) Make CookiePath for RememberMe cookies optionally fixed

Tobias Hill (JIRA) jira-events at lists.jboss.org
Tue Mar 17 02:45:22 EDT 2009

    [ https://jira.jboss.org/jira/browse/JBSEAM-3885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12457596#action_12457596 ] 

Tobias Hill commented on JBSEAM-3885:

Actually the "remember me"s current rigid cookie path settings made it impossible to 
integrate it with our seam application. In our application it is possible to login from plenty 
of paths disjunct from the total space of paths for the app. 

We just had to roll our own "rememberme" ...  : ( 

> Make CookiePath for RememberMe cookies optionally fixed
> -------------------------------------------------------
>                 Key: JBSEAM-3885
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-3885
>             Project: Seam
>          Issue Type: Feature Request
>          Components: Security
>    Affects Versions: 2.1.1.GA
>            Reporter: Klaasjan te Voortwis
>            Assignee: Shane Bryzak
> The RememberMe cookies are stored on the same path as where the page was served from. 
> When providing a user/pass field in the top of all pages, a user can for example
> - log in on http://domain.name/issuesystem/issue/create.seam, and mark RememberMe true
> - come back to the site http://domain.name/someotherpath, and now the user is not logged in
> (optionally) fixing the CookiePath for the RememberMe cookies to "/" instead of ctx.getExternalContext().getRequestContextPath() will solve this issue.
> Setting the cookiePath is done in RememberMe.java on lines 221 and 238.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the seam-issues mailing list