  1. Shiro
  2. SHIRO-9

Remember-me cookie path wrong if servlet context path is root ("/")


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed

    Description

      If a web application is installed in the root context of a servlet container, the remember-me cookie defaults to a value of "" (because that's what request.getContextPath() returns). Unfortunately, this appears to attach the cookie to the current request's URL rather than the required root, "/". The offending code is in org.jsecurity.web.attr.CookieAttribute where the onStoreValue() method does this:

      String path = getPath() != null ? getPath() : request.getContextPath();
      

      We should either always append '/' to the context path or set the cookie path to "/" if the request context path is an empty string.
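
The effect described above, as an added example that is not Shiro/JSecurity code and not part of the original report: it models how a browser scopes a cookie whose Path attribute is empty (the RFC 6265 default-path rule) beside the second fix proposed in the issue. The class name, method names and sample URLs are assumptions made for illustration.

```java
// Added illustration; not Shiro/JSecurity source. All names here are hypothetical.
public class CookiePathDemo {

    // Path calculation as quoted in the issue: "" when the app is in the root context.
    static String reportedPath(String configuredPath, String contextPath) {
        return configuredPath != null ? configuredPath : contextPath;
    }

    // Second option proposed in the issue: fall back to "/" for an empty context path.
    static String correctedPath(String configuredPath, String contextPath) {
        String path = configuredPath != null ? configuredPath : contextPath;
        return (path == null || path.isEmpty()) ? "/" : path;
    }

    // RFC 6265 section 5.1.4 default-path: what a browser uses when the Path
    // attribute is missing or empty.
    static String browserDefaultPath(String requestUriPath) {
        if (requestUriPath == null || !requestUriPath.startsWith("/")) return "/";
        int lastSlash = requestUriPath.lastIndexOf('/');
        return lastSlash == 0 ? "/" : requestUriPath.substring(0, lastSlash);
    }

    // Effective scope: the Path attribute if it starts with "/", else the default-path.
    static String effectiveScope(String pathAttribute, String requestUriPath) {
        return (pathAttribute != null && pathAttribute.startsWith("/"))
                ? pathAttribute : browserDefaultPath(requestUriPath);
    }

    // RFC 6265 section 5.1.4 path-match: is the cookie sent with this request path?
    static boolean pathMatches(String cookiePath, String requestPath) {
        if (requestPath.equals(cookiePath)) return true;
        if (!requestPath.startsWith(cookiePath)) return false;
        return cookiePath.endsWith("/") || requestPath.charAt(cookiePath.length()) == '/';
    }

    public static void main(String[] args) {
        String loginUri = "/account/login";   // constructed: URL whose response sets the cookie
        String laterUri = "/orders/list";     // constructed: later request to the same app
        String contextPath = "";              // getContextPath() for the root context

        String buggy = effectiveScope(reportedPath(null, contextPath), loginUri);
        String fixed = effectiveScope(correctedPath(null, contextPath), loginUri);

        System.out.println("reported:  scope=" + buggy + ", sent to " + laterUri + "? "
                + pathMatches(buggy, laterUri));
        System.out.println("corrected: scope=" + fixed + ", sent to " + laterUri + "? "
                + pathMatches(fixed, laterUri));
    }
}
```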

          People

            lhazlewood Les Hazlewood
            pledbrook Peter Ledbrook