You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Jeremy Haile (JIRA)" <ji...@apache.org> on 2008/12/05 21:00:48 UTC
[jira] Commented: (JSEC-34) Remember-me cookie path wrong if
servlet context path is root ("/")
[ https://issues.apache.org/jira/browse/JSEC-34?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12653913#action_12653913 ]
Jeremy Haile commented on JSEC-34:
----------------------------------
This is a valid issue. A workaround is to manually set the cookie path by either calling DefaultWebSecurityManager.setRememberMeCookiePath(...) or directly on the RememberMeManager by using WebRememberMeManager.setCookiePath(..)
Just set the cookie path to "/"
> Remember-me cookie path wrong if servlet context path is root ("/")
> -------------------------------------------------------------------
>
> Key: JSEC-34
> URL: https://issues.apache.org/jira/browse/JSEC-34
> Project: JSecurity
> Issue Type: Bug
> Components: Web
> Affects Versions: 0.9-RC1
> Reporter: Peter Ledbrook
> Fix For: 1.0
>
>
> If a web application is installed in the root context of a servlet container, the remember-me cookie defaults to a value of "" (because that's what {{request.getContextPath()}} returns). Unfortunately, this appears to attach the cookie to the current request's URL rather than the required root, "/". The offending code is in {{org.jsecurity.web.attr.CookieAttribute}} where the {{onStoreValue()}} method does this:
> {code}
> String path = getPath() != null ? getPath() : request.getContextPath()
> {code}
> We should either always append '/' to the context path or set the cookie path to "/" if the request context path is an empty string.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.