Hi,
I've been using securityfilter for a while in some projects and it has been working pretty fine. Now, I need to use its function to store the cookies from the users in order to keep them logged in to the system even if they close their browsers. I have already looked at the example project shipped as securityfilter-rememberme.war inside the zip of the securityfilter we download.
I have checked the configuration file and its attributes like 'useIp', 'cookieLife' and so forth, and I also checked the use of these attributes in the classes DefaultPersistentLoginManager and FormAuthenticator.
Well, everything seemed to be fine, but somehow the heel of the Internet Explorer is not storing all the cookies that DefaultPersistentLoginManager asks it to save (the 4 cookies added to the response object). I have already configured IE to allow any kind of cookies, for any site, I added my site to the 'security sites list', etc., but when I close it and open it again I can't come back logged in to the system! It doesn't matter; when I check the folder called 'temporary folders' that IE uses, not all the cookies are there (BEFORE I close the browser). Since many other sites seem to use the same function (to store cookies and retrieve them), what would be the cause of this problem, and how do I solve it? Should I study a security policy I don't know? Does securityfilter have an unknown bug for that until now?
I have changed the way DefaultPersistentLoginManager stores and retrieves its cookies, by using only one cookie (I put the values of the cookies all together as one value, joined by a string separator I invented, so I can split it later to retrieve each value), but the same problem happens: IE is not saving the cookies, so the function to stay logged in obviously never works!
PS: this problem never happened with Firefox for me.
Well, nobody has presented a solution, but I found a trick to solve it. Some of the cookies which it was trying to save had some illegal characters in their names or values. I mean, the methods for encryption were changing the values in such a way that some symbols like '/' and others were being added.
Plus, I also set the cookies' path to '/', which makes them public (according to SUN's javadoc), and set some comment for them.
So, what was your solution? IIRC, sf uses base64 encoding to encode the encrypted data, which should work just fine with cookie values (yes, '/' is one of the characters used for base64 output).
So, perhaps the solution is to simplify the data generated by sf by using a simpler encoding such as simple hex encoding like 0x0a = "0a", etc. instead of using base64.
That would be a simple fix to the code and should eliminate the problem entirely.
You might be running into this problem: http://cephas.net/blog/2008/11/18/tomcat-6018-version-1-cookies-acegi-remember-me-and-ie/
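An added example, not securityfilter's code and not the poster's actual fix: it encodes the same bytes with standard base64, URL-safe base64 without padding, and the hex encoding suggested above, then checks each result against a deliberately conservative character allow-list. The class and method names (`CookieValueEncoding`, `isConservativelySafe`, `toHex`, `fromHex`), the allow-list and the sample bytes are assumptions made for illustration; Java 8 or later is assumed for `java.util.Base64`.

```java
import java.util.Arrays;
import java.util.Base64;

public class CookieValueEncoding {
    // Conservative allow-list (an assumption of this example): letters, digits, '-' and '_'.
    // Standard base64 output can contain '+', '/' and '=' and so fails this check.
    static boolean isConservativelySafe(String value) {
        return !value.isEmpty() && value.chars().allMatch(c ->
                (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                || (c >= '0' && c <= '9') || c == '-' || c == '_');
    }

    // Hex encoding as suggested in the thread: the byte 0x0a becomes "0a".
    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    // Strict decoder: rejects anything that is not an even-length hex string.
    static byte[] fromHex(String hex) {
        if (hex.length() % 2 != 0 || !hex.matches("[0-9a-fA-F]*"))
            throw new IllegalArgumentException("not a hex cookie value");
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample bytes standing in for encrypted remember-me data.
        byte[] ciphertext = {(byte) 0xfb, (byte) 0xff, (byte) 0xbe, 0x0a, 0x3e};

        String std = Base64.getEncoder().encodeToString(ciphertext);
        String url = Base64.getUrlEncoder().withoutPadding().encodeToString(ciphertext);
        String hex = toHex(ciphertext);

        System.out.println("base64      " + std + "  safe=" + isConservativelySafe(std));
        System.out.println("base64url   " + url + "  safe=" + isConservativelySafe(url));
        System.out.println("hex         " + hex + "  safe=" + isConservativelySafe(hex));

        // Both cookie-safe encodings must decode back to the original bytes.
        if (!Arrays.equals(ciphertext, fromHex(hex))
                || !Arrays.equals(ciphertext, Base64.getUrlDecoder().decode(url)))
            throw new AssertionError("round trip failed");
    }
}
```

Hex doubles the length of the value while URL-safe base64 grows it by about a third, which matters when several values are joined into a single cookie as described earlier in the thread.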