[seam-issues] [JBoss JIRA] Resolved: (JBSEAM-4660) RememberMe adds invalid path to Cookie

Shane Bryzak (JIRA) jira-events at lists.jboss.org
Sat Jun 5 08:36:25 EDT 2010


     [ https://jira.jboss.org/browse/JBSEAM-4660?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shane Bryzak resolved JBSEAM-4660.
----------------------------------

      Assignee: Shane Bryzak
    Resolution: Duplicate Issue


Dupe of SEAMSECURITY-9

> RememberMe adds invalid path to Cookie
> --------------------------------------
>
>                 Key: JBSEAM-4660
>                 URL: https://jira.jboss.org/browse/JBSEAM-4660
>             Project: Seam
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.2.0.GA
>            Reporter: Florian Specker
>            Assignee: Shane Bryzak
>
> When deploying into the root context of JBoss AS (war-file is names ROOT.war), the context path is the empty string. RememberMe checks the context path against null values before adding setting it in the Cookie, but not against empty values. A Cookie with the path set to "" is refused by some browsers (tested on Safari on iPhoneOS 3.1.3). When the path is set to /, the Cookie is accepted as expected.
> As a workaround, I subclassed RememberMe and overwrote getCookiePath():
>     @Override
>     public String getCookiePath() {
>         // do not send empty path - this confuses safari for iPhone
>         String path = super.getCookiePath();
>         return "".equals(path) ? "/" : path;
>     }

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


More information about the seam-issues mailing list