I grabbed the commits from last night (thanks Les) and built the jars
today and have installed them in my Grails app. Everything is working
fine with Firefox 3 and Chrome but I'm still having trouble logging out
in both IE7 and Safari.
Based on the comments in CookieAttribute.java there were some browser
specific issues fixed in JSEC-94. I can't find any discussion or info
about this pre-apache issue. Does anyone remember this and have any
useful information about browser specific issues?
My problem only occurs when I deploy on tomcat as ROOT. (Unfortunately
it does not occur when I run my app on Jetty in Grails devel mode. The
build and deploy to tomcat time really slows down my investigation.) I
added detailed debug logging to CookieAttribute.onStoreValue() and
CookieAttribute.removeValue() and these methods seem to be behaving as
expected. I added a filter that logs the cookies contained in every
incoming request and I can see that both IE7 and Safari include the
rememberMe cookie in the request that immediately follows
CookieAttribute.removeValue(). I can't understand what the problem might
be unless it is some strange issue with 'path'.
(BTW, I initially thought that I had found and fixed a problem with
path: the path value being used in removeValue() may be different than
the path value used in onStoreValue() because the fix for JSEC-34 is not
being applied to path upon cookie removal, only upon cookie creation.)
- ongoing rememberMe woes Brad Whitaker
-
