You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by bpon <re...@reply.github.com> on 2011/11/08 03:41:23 UTC

Re: [shiro] SHIRO-128: (c5cb465)

In SimpleCookie, this does a response.addHeader().  If the user is logging in and requests rememberMe, forgetIdentity() will add a rememberMe cookie with Max-Age=0, and here another rememberMe cookie will be set.

I think the behavior for setting two cookies with the same name in the same HTTP response is undefined in RFC2109.  In the latest Google Chrome, it looks like the Max-Age=0 one wins, so rememberMe is not working.

--- 
Reply to this email directly or view it on GitHub:
https://github.com/apache/shiro/commit/c5cb46538b3036d9ffcfdd300c17c2d380855ba6#commitcomment-701631