Having grabbed the latest shiro-1.10 snapshot, I started experiencing login
issues in the application. Digging in further, I have noticed the following
difference with cookies dropped at login between the earlier code drop and
the newest:
OLD:
Set-Cookie: JSESSIONID=6fd35335-6dd6-4d37-9813-71264e027bfe; Path=/service; HttpOnly
NEW:
Set-Cookie: JSESSIONID=b11cc1ab-d812-44e5-af15-a291bdf3a6d7; Path=/service; Max-Age=-1; HttpOnly


The difference is the setting of Max-Age=1, which seems like the right thing
to do according to http://www.faqs.org/rfcs/rfc2616.html. Unfortunately
this causes Firefox to delete the cookie and not forward it on subsequent
requests. IE is not affected by this change.

This seems like a bug (even if it really is in Firefox), but perhaps the
devs here have a suggestion to mitigate this.
-- 
View this message in context: 
http://shiro-developer.582600.n2.nabble.com/shiro-1-10-snapshot-cookie-max-age-issues-tp5671317p5671317.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
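
Added example, not part of the original post and not Shiro code: a small check that classifies the lifetime of a Set-Cookie header under the Max-Age rules of RFC 6265 section 5.2.2, where a value of zero or less means the cookie expires immediately. The function names are hypothetical, the sample headers are the two quoted in the message above, and Expires is deliberately not evaluated.

```javascript
// Sample input: the two Set-Cookie headers quoted in the post.
const SAMPLE_HEADERS = [
  "Set-Cookie: JSESSIONID=6fd35335-6dd6-4d37-9813-71264e027bfe; Path=/service; HttpOnly",
  "Set-Cookie: JSESSIONID=b11cc1ab-d812-44e5-af15-a291bdf3a6d7; Path=/service; Max-Age=-1; HttpOnly",
];

// Hypothetical helper: returns { name, maxAge, lifetime } where lifetime is
// "session" (no usable Max-Age), "persistent" (Max-Age > 0) or
// "expired-immediately" (Max-Age <= 0). Expires is not considered here.
function classifyCookieLifetime(setCookieLine) {
  // Accept either the bare header value or a full "Set-Cookie: ..." line.
  const value = setCookieLine.replace(/^set-cookie:\s*/i, "");
  const [pair, ...attrs] = value.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const result = {
    name: eq < 0 ? "" : pair.slice(0, eq),
    maxAge: null,
    lifetime: "session",
  };

  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    if (key !== "max-age") continue;
    // RFC 6265 5.2.2: the value must be an optional "-" followed by digits
    // only; anything else means the attribute is ignored.
    if (!/^-?\d+$/.test(val)) continue;
    // The last valid Max-Age in the header wins.
    result.maxAge = parseInt(val, 10);
    // delta-seconds <= 0 sets the expiry to the earliest representable
    // time, so the user agent discards the cookie instead of storing it.
    result.lifetime = result.maxAge <= 0 ? "expired-immediately" : "persistent";
  }
  return result;
}

// Names of cookies a conforming user agent would never send back.
function droppedOnArrival(headers) {
  return headers
    .map(classifyCookieLifetime)
    .filter((c) => c.lifetime === "expired-immediately")
    .map((c) => c.name);
}

console.log(SAMPLE_HEADERS.map(classifyCookieLifetime));
```

Run against captured login responses, a session cookie that shows up in `droppedOnArrival` will not be returned on later requests by a user agent that follows these rules.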
