[seam-issues] [JBoss JIRA] (JBSEAM-4906) Token-based Remember Me Base64 encoding problem in Internet Explorer

Tayfun Gokmen Halac (JIRA) jira-events at lists.jboss.org
Fri Mar 9 13:32:36 EST 2012


    [ https://issues.jboss.org/browse/JBSEAM-4906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12675569#comment-12675569 ] 

Tayfun Gokmen Halac edited comment on JBSEAM-4906 at 3/9/12 1:32 PM:
---------------------------------------------------------------------

That's not the same issue. JBSEAM-4701 considers empty cookie path. The problem is about constructed authentication token in autoLogin mode of RememberMe. After Remember-Me generates an authentication token, it is encoded using Base64. But, Base64 encoding contains equals ("=") signs at the end. For this reason, Tomcat converts the cookie into version 1 form since it has a character incompatible with version 0. 

Internet Explorer cannot understand max-age property in cookie of version 1. 

See isToken2() and maybeQuote2() methods in org.apache.tomcat.util.http.ServerCookie.java. 

I am producing the issue on JBoss-6.0.0.Final with Seam 2.2.2. 
                
      was (Author: tayfunhalac):
    That's not the same issue. JBSEAM-4701 considers empty cookie path. The problem is that about constructed authentication token. After Remember-Me generates an authentication token, it is encoded using Base64. But, Base64 encoding contains equals ("=") signs at the end. For this reason, Tomcat converts the cookie into version 1 form since it has a character incompatible with version 0. 

Internet Explorer cannot understand max-age property in cookie of version 1. 

See isToken2() and maybeQuote2() methods in org.apache.tomcat.util.http.ServerCookie.java. 

I am producing the issue on JBoss-6.0.0.Final with Seam 2.2.2. 
                  
> Token-based Remember Me Base64 encoding problem in Internet Explorer
> --------------------------------------------------------------------
>
>                 Key: JBSEAM-4906
>                 URL: https://issues.jboss.org/browse/JBSEAM-4906
>             Project: Seam 2
>          Issue Type: Bug
>    Affects Versions: 2.2.2.Final
>            Reporter: Tayfun Gokmen Halac
>
> Seam Remember Me component produces Base64 encoded token values for auto-login. But, Internet Explorer cookies (which are Netscape based version 0 cookies) do not support some characters in Base64 encoded cookies. Application Server converts a seam authcookie to version 1 cookie if it contains an unsupported character such as "=", and therefore max-age property is not recognized by IE. For this reason, authentication cookies cannot be persisted in IE and are deleted at the end of the session. As a result, remember me is usually not working on IE. 

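The encoding problem described in the comment and issue above, as an added example that is not Seam or Tomcat code: it compares a padded Base64 value with an unpadded URL-safe one and checks each against the HTTP/1.1 separator list. Assumptions: the class and method names are hypothetical, the check follows RFC 2616 section 2.2 rather than reproducing Tomcat's isToken2(), the sample value is constructed, and java.util.Base64 requires Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class CookieSafeToken {
    // HTTP/1.1 "separators" (RFC 2616 section 2.2). A cookie value containing any of
    // these, or a control/non-ASCII character, is not a plain token and would need quoting.
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    static boolean isPlainToken(String value) {
        if (value.isEmpty()) return false;
        for (char c : value.toCharArray()) {
            if (c < 0x20 || c >= 0x7f || SEPARATORS.indexOf(c) >= 0) return false;
        }
        return true;
    }

    // Standard alphabet with padding: may emit '=', '/' and '+'.
    static String encodePadded(String raw) {
        return Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // URL-safe alphabet ('-' and '_') without '=' padding: only token characters.
    static String encodeCookieSafe(String raw) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // The URL-safe decoder accepts input with the padding omitted.
    static String decodeCookieSafe(String value) {
        return new String(Base64.getUrlDecoder().decode(value), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample value, not a real Seam authentication token.
        String raw = "demo-user:4f9c2a7e-sample-token";
        String padded = encodePadded(raw);
        String safe = encodeCookieSafe(raw);
        System.out.printf("padded=%s plainToken=%b%n", padded, isPlainToken(padded));
        System.out.printf("safe=%s plainToken=%b%n", safe, isPlainToken(safe));
        if (!raw.equals(decodeCookieSafe(safe))) {
            throw new AssertionError("round trip failed");
        }
    }
}
```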