2 Replies Latest reply on Feb 18, 2010 12:05 PM by Wulf Rowek

    Remember me is not working correctly with email as an username - general Selector-Cookie problem

    Wulf Rowek Newbie
      when using emails as usernames rememberme is not working correctly. it rembers only the user part of the email.

      due to debugging i found out, that the org.jboss.seam.faces.Selector which is used to store the username as an cookie to remember it uses version 0 (netscape spec) cookies.

      version 0 cookies can contain any chars in value w/o quoting it, except ',', ';' and ' '.

      in version 1 (RFC 2965 in conjunction with RFC 2616) rejecting more chars (i.e. '@') in an unqouted cookie value.

      it seams to be that tomcat recognizes version 0 cookies when sending them in an http response, so it doesn't force quoting the value unless there is one of ',', ';' or ' ' in the value. org.apache.tomcat.util.http.ServerCookie (with on exeption: one can set a system property org.apache.catalina.STRICT_SERVLET_COMPLIANCE = false, in this case a version 0 cookie will be handled as version 1 when processing the value for quoting).

      but tomcat parse cookies only in a version 1 way (org.apache.tomcat.util.http.Cookies), thus truncating an unqouted string on occurence of a separator char like '@'.

      my suggestion is to use version-1-conform cookies in org.jboss.seam.faces.Selector. just setting cookie.setVersion(1); in setCookieValueIfEnabled.

      or should seam care about that? has anybody an opinion?