Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-7269

<s:token> - cookie identifying the browser (javax.faces.ClientToken) might contain illegal characters

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: EAP_EWP 5.1.1
    • Fix Version/s: EAP_EWP 5.2.0
    • Component/s: Seam
    • Labels:
      None
    • Forum Reference:
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      Override the default clientUidSelector;

      @Name("org.jboss.seam.ui.clientUidSelector")
      @Install(precedence = Install.DEPLOYMENT)
      public class FixedClientUidSelector extends ClientUidSelector {

      private static final long serialVersionUID = -4923235748771706010L;
      private String clientUid;

      @Create
      public void onCreate()

      { setCookiePath(FacesContext.getCurrentInstance().getExternalContext().getRequestContextPath()); setCookieMaxAge(-1); setCookieEnabled(true); clientUid = getCookieValue(); }

      public void seed() {
      if (!isSet())

      { clientUid = RandomStringUtils.random(50, true, true); // Fixed setCookieValueIfEnabled(clientUid); }

      }

      public boolean isSet()

      { return clientUid != null; }

      public String getClientUid()

      { return clientUid; }

      @Override
      protected String getCookieName()

      { return "javax.faces.ClientToken"; }

      }

      Show
      Override the default clientUidSelector; @Name("org.jboss.seam.ui.clientUidSelector") @Install(precedence = Install.DEPLOYMENT) public class FixedClientUidSelector extends ClientUidSelector { private static final long serialVersionUID = -4923235748771706010L; private String clientUid; @Create public void onCreate() { setCookiePath(FacesContext.getCurrentInstance().getExternalContext().getRequestContextPath()); setCookieMaxAge(-1); setCookieEnabled(true); clientUid = getCookieValue(); } public void seed() { if (!isSet()) { clientUid = RandomStringUtils.random(50, true, true); // Fixed setCookieValueIfEnabled(clientUid); } } public boolean isSet() { return clientUid != null; } public String getClientUid() { return clientUid; } @Override protected String getCookieName() { return "javax.faces.ClientToken"; } }
    • Estimated Difficulty:
      Low
    • Release Notes Docs Status:
      Not Required
    • Docs QE Status:
      NEW

      Description

      The cookie that uniquely identifies the browser is randomly generated and contains illegal characters, for example: semicolon ";"

      This cause org.jboss.seam.ui.UnauthorizedCommandException: viewId: /restricted/desktop.xhtml - Form signature invalid

        Gliffy Diagrams

          Attachments

            Issue Links

            cloned from

            Bug - A problem which impairs or prevents the functions of the product. JBSEAM-4503 <s:token> - cookie identifying the browser (javax.faces.ClientToken) might contain illegal characters

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed
            duplicates

            Bug - A problem which impairs or prevents the functions of the product. JBPAPP-7183 Back port fix - Cookie path being set to empty string via getRequestContextPath forming invalid cookies in IE

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed

              Activity

                People

                • Assignee:
                  manaRH Marek Novotny
                  Reporter:
                  alessandrolt Alessandro Lazarotti
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: