I'm not able to reproduce the ArrayIndexOutOfBoundsException. I can reproduce various cipher exceptions (expected).
What versions of Shiro are you using? (both the version with rememberMe configured and without). I'm not sure I understand the "rememberMe" code you are referring to. Do you have custom Remember Me code in one application? And we are seeing a cookie name collision? On Mon, Jul 22, 2019 at 2:48 PM Brian Demers <[email protected]> wrote: > I'll try to reproduce this. > > On Mon, Jul 22, 2019 at 4:16 AM jubax <[email protected]> wrote: > >> Hi, >> >> >> Brian Demers wrote >> > Agreed, it should be a easy enough test to write, can you give us an >> > example of the cookie body. >> > My guess the apps are using different secrets (the one not defined is a >> > random key, but that one does’t set a cookie), so its the decryption >> that >> > is failing. >> > >> > If you are using the same set of cookies between apps you should >> configure >> > Shiro the same on both apps. >> > >> > -Brian (mobile) >> >> I would like to help, but I'm not sure what exactly you need. The >> shiro.ini >> files contain no special configuration properties regarding cookies, >> cypherkey etc. >> >> The cookie name is "rememberMe" and it just contains the realm names: >> >> String principal = (String) subject.getPrincipal(); >> String rememberMeToken = >> UUID.randomUUID().toString().toUpperCase(Locale.ROOT); >> Cookie newCookie = new SimpleCookie(getCookie()); >> newCookie.setValue(concat(rememberMeToken, >> subject.getPrincipals().getRealmNames())); >> newCookie.saveTo(request, response); >> >> Is this what you need? >> >> Thanks, >> >> Jürgen >> >> >> >> >> -- >> Sent from: http://shiro-user.582556.n2.nabble.com/ >> >
