pmlopes / yoke

Yoke is a middleware framework for Vert.x
http://pmlopes.github.io/yoke/
Apache License 2.0

Signed cookie returns null #110

Closed timur-han closed 10 years ago

timur-han commented 10 years ago

Hi,

Whenever a cookie is signed, i.e., starting with s:, the request fails. In the YokeSecurity class, the field val.equals(sign(str, mac)) of the unsign method returns false and, as a result, null is returned. That means the sign method does not generate the same value in the second execution. Consequently, the request returns a bad request and a silent stop is encountered without any error indication.

timur-han commented 10 years ago

OK, the problem was that after restarting the application, a new key was generated and the cookie did not match the newly generated key. So there is no problem with the code. Just a short remark: doFinal already resets the mac, so there is no need to call it again.
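
The behaviour described in this thread, reproduced as an added example (this is not Yoke's code): a cookie signed with one HMAC key verifies while the process lives, returns null once a fresh key is generated on restart, and verifies again when the same key is reloaded. Assumptions: the cookie layout s:<value>.<signature>, HMAC-SHA256, and the class and method bodies are hypothetical; only the names sign and unsign follow the issue.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class SignedCookieDemo {
    // Build an HMAC-SHA256 instance bound to the given key bytes.
    static Mac newMac(byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac;
    }

    // Assumed layout: "s:" + value + "." + base64url(HMAC(value)).
    static String sign(String value, Mac mac) {
        // doFinal returns the tag and resets the Mac to its post-init state.
        byte[] tag = mac.doFinal(value.getBytes(StandardCharsets.UTF_8));
        return "s:" + value + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Returns the value if the signature verifies, otherwise null.
    static String unsign(String cookie, Mac mac) {
        int dot = cookie.lastIndexOf('.');
        if (!cookie.startsWith("s:") || dot < 2) return null;
        String value = cookie.substring(2, dot);
        byte[] expected = sign(value, mac).getBytes(StandardCharsets.UTF_8);
        byte[] actual = cookie.getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison instead of String.equals.
        return MessageDigest.isEqual(expected, actual) ? value : null;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] keyRun1 = new byte[32], keyRun2 = new byte[32]; // constructed sample keys
        rnd.nextBytes(keyRun1);
        rnd.nextBytes(keyRun2);

        Mac run1 = newMac(keyRun1);
        String cookie = sign("session-123", run1); // constructed sample value
        // Same Mac instance reused without an explicit reset: still verifies.
        System.out.println("same key, Mac reused:        " + unsign(cookie, run1));
        // Simulated restart with a freshly generated key: verification fails.
        System.out.println("key regenerated on restart:  " + unsign(cookie, newMac(keyRun2)));
        // Simulated restart with the key reloaded from stable storage: verifies.
        System.out.println("key reloaded after restart:  " + unsign(cookie, newMac(keyRun1.clone())));
    }
}
```

Loading the signing key from configuration or a secret store keeps existing cookies valid across restarts; logging the null result from unsign at the call site removes the silent failure.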