Default Cookie Domain may be empty String and prevent cookies from working in
Chrome and Opera
----------------------------------------------------------------------------------------------
Key: SLING-1721
URL: https://issues.apache.org/jira/browse/SLING-1721
Project: Sling
Issue Type: Bug
Components: Authentication
Affects Versions: Form Based Authentication 1.0.0
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: Form Based Authentication 1.0.2
If configuration exists for the form based authentication handler, the default
cookie domain may be set to the empty string thus causing the cookies to be
created with an empty string domain attribute. This does not seem to be a
problem for Firefox but both Chrome and Opera don't accept these cookies thus
failing subsequent authentication through the Form Authentication Handler.
The fix probably is to (a) make sure an empty domain is "converted" to a null
domain and (b) to not send the form.cookiedomain cookie if the domain is not
set.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
