>> INFO realm.DbRealm Attempting to authenticate admin in DB realm... >> INFO realm.DbRealm Found user 'admin' in DB >> INFO attr.CookieAttribute Added Cookie [rememberMe] to path [] with value > > I think that should say [/], otherwise the cookie is probably added to > the URL of the current request (i.e. "/auth/"). I don't think the > plugin is doing anything special on either the "remember me" or cookie > front. I'm going to be looking at another problem that someone has > raised, so I'll see if I can replicate this problem.
I think this is a bug in JSecurity. We set the path or the cookie like so: String path = getPath() != null ? getPath() : request.getContextPath(); I suspect that "request.getContextPath()" returns either null or an empty string if the app is in the root context, which probably translates to "add cookie to current request URL". Maybe it should be: String path = getPath() != null ? getPath() : request.getContextPath() + "/"; ? Cheers, Peter
