[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3885) Make CookiePath for RememberMe cookies optionally fixed

[Tobias Hill (JIRA)]

    [ https://jira.jboss.org/jira/browse/JBSEAM-3885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12457596#action_12457596 ] 

Tobias Hill commented on JBSEAM-3885:
-------------------------------------

Actually the "remember me"s current rigid cookie path settings made it impossible to 
integrate it with our seam application. In our application it is possible to login from plenty 
of paths disjunct from the total space of paths for the app. 

We just had to roll our own "rememberme" ...  : ( 


> Make CookiePath for RememberMe cookies optionally fixed
> -------------------------------------------------------
>
>                 Key: JBSEAM-3885
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-3885
>             Project: Seam
>          Issue Type: Feature Request
>          Components: Security
>    Affects Versions: 2.1.1.GA
>            Reporter: Klaasjan te Voortwis
>            Assignee: Shane Bryzak
>
> The RememberMe cookies are stored on the same path as where the page was served from. 
> When providing a user/pass field in the top of all pages, a user can for example
> - log in on http://domain.name/issuesystem/issue/create.seam, and mark RememberMe true
> - come back to the site http://domain.name/someotherpath, and now the user is not logged in
> (optionally) fixing the CookiePath for the RememberMe cookies to "/" instead of ctx.getExternalContext().getRequestContextPath() will solve this issue.
> Setting the cookiePath is done in RememberMe.java on lines 221 and 238.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira