Details
- Bug
- Resolution: Unsolved Mysteries
- Medium
- None
- 1.1.2
- None
- JBoss 4.2-GA
- Severity 2 - Major
Description
I have configured Crowd to set the Cookie domain to the corporate domain name. When I installed the demo on my localhost it didn't work. The authentication was performed successfully, but the demo just redirected me back to its login page. The demo's log file stated:
13:00:24,207 INFO [STDOUT] 13:00:24,207 INFO atlassian.crowd.integration.http.VerifyTokenFilter: Authentication is not valid, redirecting to: http://localhost:8080/demo
I traced the problem to processClientCookieDomain(Cookie tokenCookie) in the HttpAuthenticator class.
If the Crowd server has been configured to use, for instance, ".domain.com" as cookie domain, this is used in the cookie. The problem is that my browser uses localhost and it probably ignores the cookie completely. It will definitely not send the cookie back to localhost when the domain is set to ".domain.com", thus the application will handle the user as not authenticated.
When I removed the ".domain.com" setting from the Crowd configuration, the cookie was created with no domain set and I was able to sign in to the demo application.
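The browser-side behaviour behind this report, as an added example that is not part of the original issue or of Crowd's code: a simplified model of the RFC 6265 rules for storing and returning a cookie (no public-suffix check). The cookie name `token` and the hosts `app.domain.com` and `other.domain.com` are constructed; `.domain.com` and `localhost` come from the report.

```javascript
// Added example: simplified RFC 6265 cookie domain handling.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// RFC 6265 section 5.1.3: does request host `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // A suffix match only counts for host names, never for IP addresses.
  return host.endsWith("." + domain) && !isIp(host);
}

// Sections 5.2.3 and 5.3: what the browser stores for a Set-Cookie received
// from requestHost. Returns null when the cookie is ignored entirely.
function storeCookie(requestHost, name, value, domainAttr = "") {
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is dropped
  if (domain === "") {
    // No Domain attribute: host-only cookie bound to the exact request host.
    return { name, value, domain: requestHost.toLowerCase(), hostOnly: true };
  }
  // A Domain attribute the request host does not match makes the cookie invalid.
  if (!domainMatch(requestHost, domain)) return null;
  return { name, value, domain, hostOnly: false };
}

// Section 5.4: is a stored cookie attached to a request for requestHost?
function wouldSend(cookie, requestHost) {
  if (cookie === null) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Constructed scenarios mirroring the report.
function scenarios() {
  const onLocalhostWithDomain = storeCookie("localhost", "token", "abc", ".domain.com");
  const onLocalhostNoDomain = storeCookie("localhost", "token", "abc");
  const onCorpHost = storeCookie("app.domain.com", "token", "abc", ".domain.com");
  return {
    localhostWithDomainStored: onLocalhostWithDomain !== null,
    localhostNoDomainSentBack: wouldSend(onLocalhostNoDomain, "localhost"),
    corpCookieSentToSibling: wouldSend(onCorpHost, "other.domain.com"),
    corpCookieSentToLocalhost: wouldSend(onCorpHost, "localhost"),
  };
}

console.log(scenarios());
```

The cookie created without a domain is host-only, so it is returned to `localhost` but would not be shared with any other host.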
Issue Links
- details: CWD-1093 Allow for multiple domains for cookies (Closed)