Markus Näher created MYFACES-4054:
-------------------------------------
Summary: Webapp with underscore in it's name leads to failed
session-cookies
Key: MYFACES-4054
URL: https://issues.apache.org/jira/browse/MYFACES-4054
Project: MyFaces Core
Issue Type: Bug
Components: General
Affects Versions: 2.1.18
Environment: OS: Linux / Windows
Container: Tomcat 8.0.X
JDK: Oracle JDK 1.8.0_X
Reporter: Markus Näher
I analysed the ViewExpiredExceptions I often get with a minimal "helloworld"
test project. I called the webapp "jsf_test". The Exceptions occurred when I
displayed a form in the browser and clicked it within a few seconds.
In the web console of firefox, I could see that the session cookie was set with
the path /jsf%5ftest, while the other cookies (e.g. oam.Flash.RENDERMAP.TOKEN)
were set with the path /jsf_test. It looks like firefox does not send the
session cookie with the next request, while chromium ignores the difference.
You can see in the tomcat manager webapp that the session count increases when
you reload the page.
I also noticed that the issue does not occur on every deployment / tomcat
restart. It looks like the webapp name is stored internally during
initialization, and depending on little timing variations (race condition ?),
it is either initialized to the escaped or the unescaped value. Tomcat manager
always displays the unescaped name.
Among my collegues, some are always affected, some occasionally, and some never.
After renaming the webapp to "jsftest", the Exceptions and session count
increments were gone.
The issue also occurs with a minus in the name, like "jsf-test".
Unfortunately, my real-life productive project has an underscore in it's name
too, but as many users have bookmarked it, I can't just rename it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
