[
https://issues.jboss.org/browse/JBSEAM-4906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12675569#comment-12675569
]
Tayfun Gokmen Halac edited comment on JBSEAM-4906 at 3/9/12 1:32 PM:
---------------------------------------------------------------------
That's not the same issue. JBSEAM-4701 considers empty cookie path. The problem
is about constructed authentication token in autoLogin mode of RememberMe.
After Remember-Me generates an authentication token, it is encoded using
Base64. But, Base64 encoding contains equals ("=") signs at the end. For this
reason, Tomcat converts the cookie into version 1 form since it has a character
incompatible with version 0.
Internet Explorer cannot understand max-age property in cookie of version 1.
See isToken2() and maybeQuote2() methods in
org.apache.tomcat.util.http.ServerCookie.java.
I am producing the issue on JBoss-6.0.0.Final with Seam 2.2.2.
was (Author: tayfunhalac):
That's not the same issue. JBSEAM-4701 considers empty cookie path. The
problem is that about constructed authentication token. After Remember-Me
generates an authentication token, it is encoded using Base64. But, Base64
encoding contains equals ("=") signs at the end. For this reason, Tomcat
converts the cookie into version 1 form since it has a character incompatible
with version 0.
Internet Explorer cannot understand max-age property in cookie of version 1.
See isToken2() and maybeQuote2() methods in
org.apache.tomcat.util.http.ServerCookie.java.
I am producing the issue on JBoss-6.0.0.Final with Seam 2.2.2.
> Token-based Remember Me Base64 encoding problem in Internet Explorer
> --------------------------------------------------------------------
>
> Key: JBSEAM-4906
> URL: https://issues.jboss.org/browse/JBSEAM-4906
> Project: Seam 2
> Issue Type: Bug
> Affects Versions: 2.2.2.Final
> Reporter: Tayfun Gokmen Halac
>
> Seam Remember Me component produces Base64 encoded token values for
> auto-login. But, Internet Explorer cookies (which are Netspace based version
> 0 cookies) do not support some characters in Base64 encoded cookies.
> Application Server converts a seam authcookie to version 1 cookie if it
> contains unssupported character such as "=", and therefore max-age property
> is not recognized by IE. For this reason, authentication cookies cannot be
> persisted in IE and are deleted at the end of the session. As a result,
> remember me is usually not working on IE.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
seam-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/seam-issues
