Closed erdlet closed 1 year ago
I think most of the redirect scope code was created by Oracle back then. I don't remember working on this very much TBH.
This is really weird. I agree with you that the context path should be used for the cookie. Only this makes sense to me. Because the redirect scope doesn't depend on the actual view being rendered. It basically just preserves data until the next page is rendered.
But even more weird is that it looks like the context path is actually used for the cookie. See this code:
Ah, I think I got it. It looks like you deployed your app to the root context path, correct. I guess this needs some special handling to use the path /
instead of a blank string, which will most likely be handled by the browser somehow.
See the special handling in CookieCsrfTokenStrategy
here:
Yes I deployed it to the root context, so I think you're right and we just need to use the same behavior than we use inside the mentioned CookieCsrfTokenStrategy
. I hope to find some time to write a few tests to investigate the exact behavior of the Cookie handling
I can't reproduce this issue by tests, so I guess it's a client specific problem. Nevertheless we should add the tests to the testsuite so we can ensure the behavior in the future.
Closing this as not reproducable.
Situation
In my application I've the following use-case:
IndexResource
is mapped to/
PostsResource
is mapped to/posts
A
POST
request is made to a update method, e. g./posts/update
to change aPost
s value. This method sets additionally a success message into aRedirectScoped
bean. Afterwards a redirect is performed to/
which contains a specific overview forPost
s. Now when using the default redirect behavior using URI rewriting everything works fine, but when Cookies are used instead, the values from theRedirectScoped
bean are shown at the/posts
resource instead of/
.After a look into the developer tools I recognized, that Krazo sets two Cookies for a redirect token with different paths, namely
/
and/posts
. As a result, the messages which I expect in the page returned by/
are stored in the/posts
Cookie and aren't displayed properly.Workaround
Use URL rewriting instead
Expected behavior
There is only one Cookie which contains the latest value for the redirect scope.
Possible solution
The
path
attribute for the Cookie is set to the MVC base path instead ofrequest.getContextPath()
.@chkal any thoughts on this? I saw you made the initial contribution a few years ago :P