[
https://issues.apache.org/jira/browse/SLING-1721?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger resolved SLING-1721.
--------------------------------------
Resolution: Fixed
Fixed in Rev. 991904 by ignoring empty cookie domains (configured or provided
by the cookie domain cookie)
> Default Cookie Domain may be empty String and prevent cookies from working in
> Chrome and Opera
> ----------------------------------------------------------------------------------------------
>
> Key: SLING-1721
> URL: https://issues.apache.org/jira/browse/SLING-1721
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Form Based Authentication 1.0.0
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Form Based Authentication 1.0.2
>
>
> If configuration exists for the form based authentication handler, the
> default cookie domain may be set to the empty string thus causing the cookies
> to be created with an empty string domain attribute. This does not seem to be
> a problem for Firefox but both Chrome and Opera don't accept these cookies
> thus failing subsequent authentication through the Form Authentication
> Handler.
> The fix probably is to (a) make sure an empty domain is "converted" to a null
> domain and (b) to not send the form.cookiedomain cookie if the domain is not
> set.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
