[
https://issues.jboss.org/browse/SEAMSECURITY-9?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shane Bryzak updated SEAMSECURITY-9:
------------------------------------
Fix Version/s: (was: 3.0.0.Beta1)
> Cookies stored incorrectly when web application is deployed with empty root
> path
> ---------------------------------------------------------------------------------
>
> Key: SEAMSECURITY-9
> URL: https://issues.jboss.org/browse/SEAMSECURITY-9
> Project: Seam Security
> Issue Type: Bug
> Environment: Firefox 3.0.x
> Reporter: Evgeny Denisov
> Assignee: Shane Bryzak
> Labels: cookie, firefox, rememberme
>
> There is a bug in that prevents RememberMe functionality to work properly.
> This occurs when web application is deployed with empty context root path and
> can be reproduced in Firefox 3.0.8.
> There was similar bug reported earlier for Spring:
> http://jira.springframework.org/browse/SEC-364
> The cause is empty cookie path that set to "" in
> org.jboss.seam.faces.Selector when context root of deployed web app is empty.
> An empty cookie path results in inconsistent behavior at least between ie and
> firefox: ie presumes "/" whereas firefox presumes the leading path for the
> current request. Chrome 1.0 also does not like empty cookie path.
> The bug can be fixed if method
> public void setCookiePath(String cookiePath)
> of org.jboss.seam.faces.Selector
> will be modified in the same way:
> public void setCookiePath(String cookiePath)
> {
> /* firefox does not like empty cookie path */
> if (cookiePath == null || cookiePath.isEmpty()) {
> this.cookiePath = "/";
> } else {
> this.cookiePath = cookiePath;
> }
> }
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
seam-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/seam-issues
