[seam-issues] [JBoss JIRA] (JBSEAM-4398) RememberMe Issue - Base 64 encoded cookie containing '=' is not processed correctly in some cases

Sun, 30 Sep 2012 23:23:24 -0700 

    [ 
https://issues.jboss.org/browse/JBSEAM-4398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12722705#comment-12722705
 ] 

Chaithali R commented on JBSEAM-4398:
-------------------------------------

We have been using Jboss-seam 2.2.0 GA but unable to find catch for this. Shane 
Can you provide me the patch for the same.
Thanks,


                
> RememberMe Issue - Base 64 encoded cookie containing '=' is not processed 
> correctly in some cases
> -------------------------------------------------------------------------------------------------
>
>                 Key: JBSEAM-4398
>                 URL: https://issues.jboss.org/browse/JBSEAM-4398
>             Project: Seam 2
>          Issue Type: Bug
>    Affects Versions: 2.1.2.GA, 2.2.0.GA
>         Environment: Observed on Windows Vista, JBoss 5.1.0 GA.  Problem 
> likely exists on other operating systems and other Tomcat 6 based systems.
>            Reporter: Peter Goldstein
>            Assignee: Shane Bryzak
>             Fix For: The future
>
>
> When attempting to use the RememberMe component in auto-login mode I 
> discovered a bug in the cookie handling of this component.
> When attempting to log using an auth token I was encountering repeated 
> failures - the token was simply not being found in the database. After some 
> investigation I discovered that the problem was that the value parameter 
> passed into the query was truncated by one character - the last character was 
> cut off.
> I tracked the problem further back, and discovered that the truncated value 
> originated in JBoss' Tomcat. The cookie value being passed in was missing the 
> last two '=' characters.
> Some Google searching revealed that this was deliberate - Tomcat 6 in the 
> JBoss 5.1.0 GA configuration enforces strict character rules in the cookie 
> value, which excludes '='.
> I'm not sure if Tomcat 6 is 'right' or not, but I do know that either way, 
> this is a trivial issue to address on the Seam side.
> All one has to do is replace the '=' from the Base64 encoded token value with 
> another allowed character (say '_' or '-') before placing it in a cookie, and 
> reverse the process when reading a cookie.
> I have a patch for this issue on the 2.2.0 GA code.  I simply need to know 
> how to submit it.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
seam-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/seam-issues

Reply via email to