Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-7269

<s:token> - cookie identifying the browser (javax.faces.ClientToken) might contain illegal characters

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • EAP_EWP 5.2.0
    • EAP_EWP 5.1.1
    • Seam
    • None
    • Workaround Exists
    • Hide

      Override the default clientUidSelector;

      @Name("org.jboss.seam.ui.clientUidSelector")
      @Install(precedence = Install.DEPLOYMENT)
      public class FixedClientUidSelector extends ClientUidSelector {

      private static final long serialVersionUID = -4923235748771706010L;
      private String clientUid;

      @Create
      public void onCreate()

      { setCookiePath(FacesContext.getCurrentInstance().getExternalContext().getRequestContextPath()); setCookieMaxAge(-1); setCookieEnabled(true); clientUid = getCookieValue(); }

      public void seed() {
      if (!isSet())

      { clientUid = RandomStringUtils.random(50, true, true); // Fixed setCookieValueIfEnabled(clientUid); }

      }

      public boolean isSet()

      { return clientUid != null; }

      public String getClientUid()

      { return clientUid; }

      @Override
      protected String getCookieName()

      { return "javax.faces.ClientToken"; }

      }

      Show
      Override the default clientUidSelector; @Name("org.jboss.seam.ui.clientUidSelector") @Install(precedence = Install.DEPLOYMENT) public class FixedClientUidSelector extends ClientUidSelector { private static final long serialVersionUID = -4923235748771706010L; private String clientUid; @Create public void onCreate() { setCookiePath(FacesContext.getCurrentInstance().getExternalContext().getRequestContextPath()); setCookieMaxAge(-1); setCookieEnabled(true); clientUid = getCookieValue(); } public void seed() { if (!isSet()) { clientUid = RandomStringUtils.random(50, true, true); // Fixed setCookieValueIfEnabled(clientUid); } } public boolean isSet() { return clientUid != null; } public String getClientUid() { return clientUid; } @Override protected String getCookieName() { return "javax.faces.ClientToken"; } }
    • Low
    • Not Required
    • NEW

      The cookie that uniquely identifies the browser is randomly generated and contains illegal characters, for example: semicolon ";"

      This cause org.jboss.seam.ui.UnauthorizedCommandException: viewId: /restricted/desktop.xhtml - Form signature invalid

              mnovotny@redhat.com Marek Novotny
              rhn-support-alazarot Alessandro Lazarotti
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: