3 Replies Latest reply on May 4, 2009 2:19 PM by dea.dea.rapas.ru

    Seam stores cookies incorrectly for web application with emty root path

    dea.dea.rapas.ru

      There is a bug in Seam 2.1.1GA that prevents RememberMe functionality to work properly.
      This occurs when web application is deployed with empty context root path and can be reproduced in Firefox 3.0.8.


      There was similar bug reported for Spring: http://jira.springframework.org/browse/SEC-364


      The cause is empty cookie path that also set in org.jboss.seam.faces.Selector when context root of deployed web app is empty.
      An empty cookie path results in inconsistent behavior between ie and firefox: ie presumes / whereas firefox presumes the leading path for the current request. Chrome 1.0 also does not like empty cookie path.


      The bug can be fixed if method
      public void setCookiePath(String cookiePath)
      of org.jboss.seam.faces.Selector will be modified in the same way:



      public void setCookiePath(String cookiePath)
         {
              /* firefox does not like empty cookie path */
              if (cookiePath == null || cookiePath.isEmpty()) {
                  this.cookiePath = "/";
              } else {
                      this.cookiePath = cookiePath;
              }
         }