That sounds logical to me - please open an issue and I'll zap it as soon as I can. Thanks!
On Fri, Dec 5, 2008 at 10:54 AM, Peter Ledbrook <[EMAIL PROTECTED]> wrote: >>> INFO realm.DbRealm Attempting to authenticate admin in DB realm... >>> INFO realm.DbRealm Found user 'admin' in DB >>> INFO attr.CookieAttribute Added Cookie [rememberMe] to path [] with value >> >> I think that should say [/], otherwise the cookie is probably added to >> the URL of the current request (i.e. "/auth/"). I don't think the >> plugin is doing anything special on either the "remember me" or cookie >> front. I'm going to be looking at another problem that someone has >> raised, so I'll see if I can replicate this problem. > > I think this is a bug in JSecurity. We set the path or the cookie like so: > > String path = getPath() != null ? getPath() : request.getContextPath(); > > I suspect that "request.getContextPath()" returns either null or an > empty string if the app is in the root context, which probably > translates to "add cookie to current request URL". Maybe it should be: > > String path = getPath() != null ? getPath() : request.getContextPath() + "/"; > > ? > > Cheers, > > Peter >
