Jan 19th, 2010, 12:40 PM
Problem with extracting cookie path
Ever since upgrading to Spring Security 3.0.1 yesterday our remember-me cookies are no longer working. I noticed the recent change in the extractRememberMeCookie() method (SEC-1356) which seems okay, but cookies[i].getPath() is always returning null, and so the entire method returns null. This is true even though I've looked in my browser and the cookie path is valid.
Anyone have any ideas why this might be happening?
Jan 19th, 2010, 03:37 PM
Hmm. Actually I think the fix for SEC-1356 is brain damaged. The browser won't submit the path, just use it to determine whether to send the cookie, so the server doesn't know what the path is, just that it received the cookie. I'll reopen the issue.
Tags for this Thread