2 Replies Latest reply on Feb 18, 2010 12:05 PM by wulf.rowek

    Remember me is not working correctly with email as a username - general Selector-Cookie problem

    wulf.rowek
      when using emails as usernames rememberme is not working correctly. it remembers only the user part of the email.

      due to debugging i found out that org.jboss.seam.faces.Selector, which is used to store the username as a cookie to remember it, uses version 0 (netscape spec) cookies.

      version 0 cookies can contain any chars in value w/o quoting it, except ',', ';' and ' '.

      version 1 (RFC 2965 in conjunction with RFC 2616) rejects more chars (i.e. '@') in an unquoted cookie value.

      it seems that tomcat recognizes version 0 cookies when sending them in an http response, so it doesn't force quoting the value unless there is one of ',', ';' or ' ' in the value. org.apache.tomcat.util.http.ServerCookie (with one exception: one can set a system property org.apache.catalina.STRICT_SERVLET_COMPLIANCE = false, in this case a version 0 cookie will be handled as version 1 when processing the value for quoting).

      but tomcat parses cookies only in a version 1 way (org.apache.tomcat.util.http.Cookies), thus truncating an unquoted string on occurrence of a separator char like '@'.

      my suggestion is to use version-1-conformant cookies in org.jboss.seam.faces.Selector. just setting cookie.setVersion(1); in setCookieValueIfEnabled.

      or should seam care about that? has anybody an opinion?
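
The write/read asymmetry described in the post, as an added example that is not part of the original post and is not Seam or Tomcat code: a simplified model in which the writer quotes a version 0 value only for ',', ';' and ' ', while the reader ends an unquoted value at the first RFC 2616 separator. The class name, the cookie name `username` and the sample usernames are assumptions made for illustration.

```java
import java.util.List;

public class CookieRoundTrip {
    // RFC 2616 "separators": characters not allowed in an unquoted token.
    static final String RFC2616_SEPARATORS = "()<>@,;:\\\"/[]?={} \t";
    // Characters the post says force quoting for a version 0 cookie.
    static final String V0_SPECIAL = ",; ";

    /** Writer side (model): quote the value only if the version's rule requires it. */
    static String serialize(String name, String value, int version) {
        String special = (version == 0) ? V0_SPECIAL : RFC2616_SEPARATORS;
        boolean needsQuotes = value.chars().anyMatch(c -> special.indexOf(c) >= 0);
        if (!needsQuotes) return name + "=" + value;
        return name + "=\"" + value.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    /** Reader side (model): version 1 style, an unquoted value ends at the first separator. */
    static String parseValue(String header) {
        String raw = header.substring(header.indexOf('=') + 1);
        if (raw.startsWith("\"")) {
            StringBuilder sb = new StringBuilder();
            for (int i = 1; i < raw.length(); i++) {
                char c = raw.charAt(i);
                if (c == '\\' && i + 1 < raw.length()) sb.append(raw.charAt(++i)); // unescape
                else if (c == '"') break;                                          // closing quote
                else sb.append(c);
            }
            return sb.toString();
        }
        int end = 0;
        while (end < raw.length() && RFC2616_SEPARATORS.indexOf(raw.charAt(end)) < 0) end++;
        return raw.substring(0, end);
    }

    public static void main(String[] args) {
        // Constructed sample usernames: one plain, one email address.
        for (String user : List.of("alice", "alice@example.com")) {
            for (int version : new int[] {0, 1}) {
                String header = serialize("username", user, version);
                String back = parseValue(header);
                System.out.printf("v%d  %-36s -> %-20s %s%n", version, header, back,
                        back.equals(user) ? "ok" : "TRUNCATED");
            }
        }
    }
}
```

Only the version 0 write of the email address fails to round-trip in this model, which is the case the post reports. A check like this is worth running against any value stored in a remember-me cookie before relying on it server-side.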