Uploaded image for project: 'Application Server 7'
  1. Application Server 7
  2. AS7-1283

Cookie-Based Sessions Broken

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 7.0.0.Final
    • Fix Version/s: 7.0.1.Final
    • Component/s: None
    • Labels:
      None

      Description

      See http://community.jboss.org/message/612763 and http://lists.jboss.org/pipermail/jboss-as7-dev/2011-July/003120.html.

      Essentially cookie-based sessions are broken in major browsers and curl unless -Dorg.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false is passed on boot. It's likely a large percentage of the people that try AS7 Final will run into this issue and have to spend time trying to figure out why sessions aren't working.

      To summarize the above links, what's happening is the cookie's Path value is being enclosed in quotes. Browsers don't expect this and thus when the browser receives a cookie it doesn't send that cookie back on subsequent requests because the browser doesn't think the cookie's Path value matches the user's path.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  rmaucher Remy Maucherat
                  Reporter:
                  benbrowning Benjamin Browning
                • Votes:
                  3 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: