Remember-me cookie path wrong if servlet context path is root ("/")
-------------------------------------------------------------------
Key: JSEC-34
URL: https://issues.apache.org/jira/browse/JSEC-34
Project: JSecurity
Issue Type: Bug
Components: Web
Affects Versions: 0.9-RC1
Reporter: Peter Ledbrook
Fix For: 1.0
If a web application is installed in the root context of a servlet container,
the remember-me cookie defaults to a value of "" (because that's what
{{request.getContextPath()}} returns). Unfortunately, this appears to attach
the cookie to the current request's URL rather than the required root, "/". The
offending code is in {{org.jsecurity.web.attr.CookieAttribute}} where the
{{onStoreValue()}} method does this:
{code}
String path = getPath() != null ? getPath() : request.getContextPath()
{code}
We should either always append '/' to the context path or set the cookie path
to "/" if the request context path is an empty string.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
