You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Alan Cabrera (JIRA)" <ji...@apache.org> on 2009/03/06 14:59:56 UTC

[jira] Moved: (KI-6) Remember-me cookie path wrong if servlet context path is root ("/")

     [ https://issues.apache.org/jira/browse/KI-6?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alan Cabrera moved JSEC-34 to KI-6:
-----------------------------------

        Fix Version/s:     (was: 1.0)
          Component/s:     (was: Web)
    Affects Version/s:     (was: 0.9-RC1)
                  Key: KI-6  (was: JSEC-34)
              Project: Ki  (was: JSecurity)

> Remember-me cookie path wrong if servlet context path is root ("/")
> -------------------------------------------------------------------
>
>                 Key: KI-6
>                 URL: https://issues.apache.org/jira/browse/KI-6
>             Project: Ki
>          Issue Type: Bug
>            Reporter: Peter Ledbrook
>            Assignee: Les Hazlewood
>
> If a web application is installed in the root context of a servlet container, the remember-me cookie defaults to a value of "" (because that's what {{request.getContextPath()}} returns). Unfortunately, this appears to attach the cookie to the current request's URL rather than the required root, "/". The offending code is in {{org.jsecurity.web.attr.CookieAttribute}} where the {{onStoreValue()}} method does this:
> {code}
> String path = getPath() != null ? getPath() : request.getContextPath()
> {code}
> We should either always append '/' to the context path or set the cookie path to "/" if the request context path is an empty string.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.