https://issues.apache.org/jira/browse/SHIRO-183
On Sun, Oct 31, 2010 at 11:46 AM, Alan D. Cabrera <[email protected]> wrote: > What Jira issue was this fix checked in under? I want to merge the fix into > my sandbox branch to see if it fixes SHIRO-212. > > > Regards, > Alan > > On Oct 25, 2010, at 9:43 AM, Kalle Korhonen wrote: > >> I appreciate the report. The cookie spec is a bit vague on this and >> unfortunately browsers handle the corner cases differently. Please >> grab the latest snapshot later today (I just checked in a fix) which >> should resolve this but also keep the fix for the original issue in >> place. >> >> Kalle >> >> >> On Mon, Oct 25, 2010 at 9:17 AM, Mike K <[email protected]> wrote: >>> >>> Having grabbed the latest shiro-1.10 snapshot I started experiencing login >>> issues in the application. Digging in further, I have noticed the following >>> difference with cookies dropped at login between the earlier code drop and >>> the newest: >>> OLD: >>> Set-Cookie: JSESSIONID=6fd35335-6dd6-4d37-9813-71264e027bfe; Path=/service; >>> HttpOnly >>> NEW: >>> Set-Cookie: JSESSIONID=b11cc1ab-d812-44e5-af15-a291bdf3a6d7; Path=/service; >>> Max-Age=-1; HttpOnly >>> >>> >>> The difference is the setting of Max-Age=1, which seems like the right thing >>> to do according to http://www.faqs.org/rfcs/rfc2616.html. Unfortunately >>> this causes Firefox to delete the cookie and not forward it on subsequent >>> requests. IE is not affected by this change. >>> >>> This seems like a bug (even if it really is in Firefox), but perhaps the >>> devs here have a suggestion to mitigate this. >>> -- >>> View this message in context: >>> http://shiro-developer.582600.n2.nabble.com/shiro-1-10-snapshot-cookie-max-age-issues-tp5671317p5671317.html >>> Sent from the Shiro Developer mailing list archive at Nabble.com. >>> > >
