3 Replies Latest reply on Aug 31, 2009 6:54 PM by Peter Goldstein

    RememberMe Bug - Cookie contains '='

    Peter Goldstein Newbie
      When attempting to use the RememberMe component in auto-login mode I discovered a bug in the cookie handling of this component.

      My system is:

      JBoss 5.1.0 GA
      Seam 2.1.2

      When attempting to log using an auth token I was encountering repeated failures - the token was simply not being found in the database.  After some investigation I discovered that the problem was that the value parameter passed into the query was truncated by one character - the last character was cut off.

      I tracked the problem further back, and discovered that the truncated value originated in JBoss' Tomcat.  The cookie value being passed in was missing the last two '=' characters.

      Some Google searching revealed that this was deliberate - Tomcat 6 in the JBoss 5.1.0 GA configuration enforces strict character rules in the cookie value, which excludes '='. 

      I'm not sure if Tomcat 6 is 'right' or not, but I do know that either way, this is a trivial issue to address on the Seam side. 

      All one has to do is replace the '=' from the Base64 encoded token value with another allowed character (say 'g' or '-') before placing it in a cookie, and reverse the process when reading a cookie.

      What steps are required to file this as a bug/submit a patch?  I've reviewed the code and the change is straightforward.

      Thanks.

      --Peter