[seam-issues] [JBoss JIRA] Updated: (SEAMSECURITY-9) Cookies stored incorrectly when web application is deployed with empty root path
Shane Bryzak (JIRA)
jira-events at lists.jboss.org
Sun Feb 6 18:09:39 EST 2011
[ https://issues.jboss.org/browse/SEAMSECURITY-9?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shane Bryzak updated SEAMSECURITY-9:
------------------------------------
Fix Version/s: (was: 3.0.0.Beta1)
> Cookies stored incorrectly when web application is deployed with empty root path
> ---------------------------------------------------------------------------------
>
> Key: SEAMSECURITY-9
> URL: https://issues.jboss.org/browse/SEAMSECURITY-9
> Project: Seam Security
> Issue Type: Bug
> Environment: Firefox 3.0.x
> Reporter: Evgeny Denisov
> Assignee: Shane Bryzak
> Labels: cookie, firefox, rememberme
>
> There is a bug in that prevents RememberMe functionality to work properly. This occurs when web application is deployed with empty context root path and can be reproduced in Firefox 3.0.8.
> There was similar bug reported earlier for Spring: http://jira.springframework.org/browse/SEC-364
> The cause is empty cookie path that set to "" in org.jboss.seam.faces.Selector when context root of deployed web app is empty. An empty cookie path results in inconsistent behavior at least between ie and firefox: ie presumes "/" whereas firefox presumes the leading path for the current request. Chrome 1.0 also does not like empty cookie path.
> The bug can be fixed if method
> public void setCookiePath(String cookiePath)
> of org.jboss.seam.faces.Selector
> will be modified in the same way:
> public void setCookiePath(String cookiePath)
> {
> /* firefox does not like empty cookie path */
> if (cookiePath == null || cookiePath.isEmpty()) {
> this.cookiePath = "/";
> } else {
> this.cookiePath = cookiePath;
> }
> }
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list