This content has been marked as final. Show 2 replies
oh, fine. sorry, i didn't found it via google and forget to search in jira directly.
hope it helps what i found out. i've posted it as a comment in jira as well.
additionally after fixing this i found out that there is another probleme with remeberme type=autoLogin:
Due to the fact that the authtoken cookie value will be encoded base64 with linebreaks the same tomcat class ServerCookie rejects this cookie on long usernames (and hence long base64 code), cause there are no control characters allowed in cookie values but base64 inserts a linebreak after 76 chars.
this is even not allowed in qouted values. so the encoding should use base64 with no linebreaks in RememberMe.encodeToken(String, String).
should i report a separate bug for this?