You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2010/12/20 15:55:04 UTC
[jira] Closed: (SLING-1721) Default Cookie Domain may be empty
String and prevent cookies from working in Chrome and Opera
[ https://issues.apache.org/jira/browse/SLING-1721?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler closed SLING-1721.
-----------------------------------
> Default Cookie Domain may be empty String and prevent cookies from working in Chrome and Opera
> ----------------------------------------------------------------------------------------------
>
> Key: SLING-1721
> URL: https://issues.apache.org/jira/browse/SLING-1721
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Form Based Authentication 1.0.0
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Form Based Authentication 1.0.2
>
>
> If configuration exists for the form based authentication handler, the default cookie domain may be set to the empty string thus causing the cookies to be created with an empty string domain attribute. This does not seem to be a problem for Firefox but both Chrome and Opera don't accept these cookies thus failing subsequent authentication through the Form Authentication Handler.
> The fix probably is to (a) make sure an empty domain is "converted" to a null domain and (b) to not send the form.cookiedomain cookie if the domain is not set.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.