  1. Application Server 7
  2. AS7-1283

Cookie-Based Sessions Broken


Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.0.1.Final
    • 7.0.0.Final
    • None
    • None

    Description

      See http://community.jboss.org/message/612763 and http://lists.jboss.org/pipermail/jboss-as7-dev/2011-July/003120.html.

      Essentially cookie-based sessions are broken in major browsers and curl unless -Dorg.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false is passed on boot. It's likely a large percentage of the people that try AS7 Final will run into this issue and have to spend time trying to figure out why sessions aren't working.

      To summarize the above links, what's happening is the cookie's Path value is being enclosed in quotes. Browsers don't expect this and thus when the browser receives a cookie it doesn't send that cookie back on subsequent requests because the browser doesn't think the cookie's Path value matches the user's path.
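The mismatch described above, as an added example that is not part of the original issue or of the AS7/Tomcat code: a client that keeps the Path attribute exactly as sent, quotes included, never finds it to be a prefix of the request path. The sample headers, the `/myapp` context and the function names are constructed for illustration, and the literal handling of the quotes is an assumption based on the behaviour the issue reports.

```python
# Added example (not from the issue): literal cookie Path handling.
# Sample headers are constructed; keeping the quotes as part of the
# path is an assumption based on the behaviour the issue describes.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute
    values are kept exactly as sent, quotes included."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def path_matches(cookie_path, request_path):
    """Path-match rule from RFC 6265 section 5.1.4."""
    if cookie_path == request_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def would_send(set_cookie, request_path):
    """True if a literal-matching client returns the cookie for request_path.
    A missing Path falls back to "/" here, which is a simplification."""
    _, _, attrs = parse_set_cookie(set_cookie)
    return path_matches(attrs.get("path", "/"), request_path)


def has_quoted_path(set_cookie):
    """Regression check: flag a Path attribute wrapped in double quotes."""
    _, _, attrs = parse_set_cookie(set_cookie)
    path = attrs.get("path", "")
    return len(path) >= 2 and path[0] == '"' and path[-1] == '"'


# Constructed sample headers for a hypothetical /myapp context.
QUOTED = 'JSESSIONID=abc123; Version=1; Path="/myapp"'
PLAIN = "JSESSIONID=abc123; Path=/myapp"

if __name__ == "__main__":
    for header in (QUOTED, PLAIN):
        sent = would_send(header, "/myapp/index.jsp")
        print(header, "->", "sent back" if sent else "not sent back")
```

`has_quoted_path` can be run over captured `Set-Cookie` response headers as a regression check after changing the boot property.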

            People

              rmaucher Remy Maucherat
              bbrownin@redhat.com Ben Browning
              Votes: 3
              Watchers: 6
