[seam-issues] [JBoss JIRA] Updated: (SEAMSECURITY-9) Cookies stored incorrectly when web application is deployed with empty root path

Shane Bryzak (JIRA) jira-events at lists.jboss.org
Wed Apr 14 06:45:25 EDT 2010 

     [ https://jira.jboss.org/jira/browse/SEAMSECURITY-9?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shane Bryzak updated SEAMSECURITY-9:
------------------------------------

    Fix Version/s: 3.0.0.Beta1


> Cookies stored  incorrectly when web application is deployed with empty root path
> ---------------------------------------------------------------------------------
>
>                 Key: SEAMSECURITY-9
>                 URL: https://jira.jboss.org/jira/browse/SEAMSECURITY-9
>             Project: Seam Security
>          Issue Type: Bug
>         Environment: Firefox 3.0.x
>            Reporter: Evgeny Denisov
>            Assignee: Shane Bryzak
>             Fix For: 3.0.0.Beta1
>
>
> There is a bug in that prevents RememberMe functionality to work properly. This occurs when web application is deployed with empty context root path and can be reproduced in Firefox 3.0.8.
> There was similar bug reported earlier for Spring: http://jira.springframework.org/browse/SEC-364
> The cause is empty cookie path that set to "" in org.jboss.seam.faces.Selector when context root of deployed web app is empty. An empty cookie path results in inconsistent behavior at least between ie and firefox: ie presumes "/" whereas firefox presumes the leading path for the current request. Chrome 1.0 also does not like empty cookie path.
> The bug can be fixed if method 
> public void setCookiePath(String cookiePath) 
> of org.jboss.seam.faces.Selector 
> will be modified in the same way:
> public void setCookiePath(String cookiePath)
>    {
>         /* firefox does not like empty cookie path */
>         if (cookiePath == null || cookiePath.isEmpty()) {
>             this.cookiePath = "/";
>         } else {
>                 this.cookiePath = cookiePath;
>         }
>    }

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list