[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-4398) RememberMe Issue - Base 64 encoded cookie containing '=' is not processed correctly in some cases

Miguel Cohnen (JIRA) jira-events at lists.jboss.org
Wed Oct 7 09:36:05 EDT 2009


    [ https://jira.jboss.org/jira/browse/JBSEAM-4398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12488789#action_12488789 ] 

Miguel Cohnen commented on JBSEAM-4398:
---------------------------------------

Hi, I guess I'm facing the same issue. The cookie is added to the explorer and to my Database, but no match is satisfied when trying to find it. Could you please provide some information so that I can patch it on my side? I have not found where the encoding is being done... 

Thank you!

> RememberMe Issue - Base 64 encoded cookie containing '=' is not processed correctly in some cases
> -------------------------------------------------------------------------------------------------
>
>                 Key: JBSEAM-4398
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-4398
>             Project: Seam
>          Issue Type: Bug
>    Affects Versions: 2.1.2.GA, 2.2.0.GA
>         Environment: Observed on Windows Vista, JBoss 5.1.0 GA.  Problem likely exists on other operating systems and other Tomcat 6 based systems.
>            Reporter: Peter Goldstein
>
> When attempting to use the RememberMe component in auto-login mode I discovered a bug in the cookie handling of this component.
> When attempting to log in using an auth token I was encountering repeated failures - the token was simply not being found in the database. After some investigation I discovered that the problem was that the value parameter passed into the query was truncated by one character - the last character was cut off.
> I tracked the problem further back, and discovered that the truncated value originated in JBoss' Tomcat. The cookie value being passed in was missing the last two '=' characters.
> Some Google searching revealed that this was deliberate - Tomcat 6 in the JBoss 5.1.0 GA configuration enforces strict character rules in the cookie value, which excludes '='.
> I'm not sure if Tomcat 6 is 'right' or not, but I do know that either way, this is a trivial issue to address on the Seam side.
> All one has to do is replace the '=' from the Base64 encoded token value with another allowed character (say '_' or '-') before placing it in a cookie, and reverse the process when reading a cookie.
> I have a patch for this issue on the 2.2.0 GA code.  I simply need to know how to submit it.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
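
The substitution proposed in the quoted report, as an added example that is not Seam's code and not the reporter's patch. `asReceivedFromStrictContainer` is a constructed stand-in for the reported container behaviour, the token value is constructed, and `java.util.Base64` assumes Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class CookieSafeToken {
    // Constructed stand-in for the behaviour reported in the issue: the
    // trailing '=' characters are missing from the value the application sees.
    static String asReceivedFromStrictContainer(String cookieValue) {
        return cookieValue.replaceAll("=+$", "");
    }

    // Write side: swap '=' for '_'. '_' is not in the standard Base64
    // alphabet, so the substitution can be reversed without ambiguity.
    static String toCookieValue(String token) {
        String b64 = Base64.getEncoder()
                .encodeToString(token.getBytes(StandardCharsets.UTF_8));
        return b64.replace('=', '_');
    }

    // Read side: restore the padding before decoding.
    static String fromCookieValue(String cookieValue) {
        byte[] raw = Base64.getDecoder().decode(cookieValue.replace('_', '='));
        return new String(raw, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample: 16 bytes, so plain Base64 ends in two '='.
        String token = "alice:7f3c9d2e51";
        String plain = Base64.getEncoder()
                .encodeToString(token.getBytes(StandardCharsets.UTF_8));
        String plainReceived = asReceivedFromStrictContainer(plain);
        System.out.println("plain sent:           " + plain);
        System.out.println("plain received:       " + plainReceived);
        System.out.println("same as value sent:   " + plain.equals(plainReceived));

        String safe = toCookieValue(token);
        String safeReceived = asReceivedFromStrictContainer(safe);
        System.out.println("substituted sent:     " + safe);
        System.out.println("substituted received: " + safeReceived);
        System.out.println("token round-trips:    "
                + token.equals(fromCookieValue(safeReceived)));
    }
}
```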

        

