Seam 2 / JBSEAM-4398

RememberMe Issue - Base 64 encoded cookie containing '=' is not processed correctly in some cases

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.1.2.GA, 2.2.0.GA
    • Fix Version/s: The future
    • Component/s: None
    • Labels:
      None
    • Environment:

      Observed on Windows Vista, JBoss 5.1.0 GA. Problem likely exists on other operating systems and other Tomcat 6 based systems.

      Description

      When attempting to use the RememberMe component in auto-login mode I discovered a bug in the cookie handling of this component.

      When attempting to log in using an auth token I was encountering repeated failures - the token was simply not being found in the database. After some investigation I discovered that the problem was that the value parameter passed into the query was truncated by one character - the last character was cut off.

      I tracked the problem further back, and discovered that the truncated value originated in JBoss' Tomcat. The cookie value being passed in was missing the last two '=' characters.

      Some Google searching revealed that this was deliberate - Tomcat 6 in the JBoss 5.1.0 GA configuration enforces strict character rules in the cookie value, which excludes '='.

      I'm not sure if Tomcat 6 is 'right' or not, but I do know that either way, this is a trivial issue to address on the Seam side.

      All one has to do is replace the '=' from the Base64 encoded token value with another allowed character (say '_' or '-') before placing it in a cookie, and reverse the process when reading a cookie.

      I have a patch for this issue on the 2.2.0 GA code. I simply need to know how to submit it.
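
      The substitution described in the report, as an added example that is not the reporter's patch or Seam's own code (Java 8+ for `java.util.Base64`). The class and method names and the `username:token` layout of the encoded value are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class CookieSafeToken {
    // '_' is not in the standard Base64 alphabet, so the swap is reversible.
    private static final char PAD = '=';
    private static final char COOKIE_PAD = '_';

    /** Encode "username:token" (assumed layout) into a cookie value with no '='. */
    static String toCookieValue(String username, String token) {
        byte[] raw = (username + ":" + token).getBytes(StandardCharsets.UTF_8);
        return Base64.getEncoder().encodeToString(raw).replace(PAD, COOKIE_PAD);
    }

    /** Reverse the swap and decode; returns {username, token} or null if malformed. */
    static String[] fromCookieValue(String cookieValue) {
        if (cookieValue == null || cookieValue.isEmpty()) {
            return null;
        }
        try {
            byte[] raw = Base64.getDecoder().decode(cookieValue.replace(COOKIE_PAD, PAD));
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int sep = decoded.indexOf(':');
            if (sep <= 0 || sep == decoded.length() - 1) {
                return null; // missing username or token: treat as no cookie
            }
            return new String[] { decoded.substring(0, sep), decoded.substring(sep + 1) };
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64: reject instead of querying with it
        }
    }

    public static void main(String[] args) {
        // Constructed sample tokens; with "alice:" they yield 0, 2 and 1 '=' pads.
        String[] tokens = { "t0k", "t0ke", "t0ken" };
        for (String token : tokens) {
            String cookie = toCookieValue("alice", token);
            String[] parts = fromCookieValue(cookie);
            if (cookie.indexOf(PAD) >= 0 || parts == null || !parts[1].equals(token)) {
                throw new AssertionError("round trip failed for " + token);
            }
            System.out.println(cookie + " -> " + parts[0] + ":" + parts[1]);
        }
    }
}
```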

                People

                • Assignee:
                  shane.bryzak Shane Bryzak
                  Reporter:
                  petermg Peter Goldstein
                • Votes:
                  0
                  Watchers:
                  4
