What Jira issue was this fix checked in under? I want to merge the fix into my sandbox branch to see if it fixes SHIRO-212.
Regards, Alan On Oct 25, 2010, at 9:43 AM, Kalle Korhonen wrote: > I appreciate the report. The cookie spec is a bit vague on this and > unfortunately browsers handle the corner cases differently. Please > grab the latest snapshot later today (I just checked in a fix) which > should resolve this but also keep the fix for the original issue in > place. > > Kalle > > > On Mon, Oct 25, 2010 at 9:17 AM, Mike K <[email protected]> wrote: >> >> Having grabbed the latest shiro-1.10 snapshot I started experiencing login >> issues in the application. Digging in further, I have noticed the following >> difference with cookies dropped at login between the earlier code drop and >> the newest: >> OLD: >> Set-Cookie: JSESSIONID=6fd35335-6dd6-4d37-9813-71264e027bfe; Path=/service; >> HttpOnly >> NEW: >> Set-Cookie: JSESSIONID=b11cc1ab-d812-44e5-af15-a291bdf3a6d7; Path=/service; >> Max-Age=-1; HttpOnly >> >> >> The difference is the setting of Max-Age=1, which seems like the right thing >> to do according to http://www.faqs.org/rfcs/rfc2616.html. Unfortunately >> this causes Firefox to delete the cookie and not forward it on subsequent >> requests. IE is not affected by this change. >> >> This seems like a bug (even if it really is in Firefox), but perhaps the >> devs here have a suggestion to mitigate this. >> -- >> View this message in context: >> http://shiro-developer.582600.n2.nabble.com/shiro-1-10-snapshot-cookie-max-age-issues-tp5671317p5671317.html >> Sent from the Shiro Developer mailing list archive at Nabble.com. >>
