[Bug] RememberMe does not Remember me after deletion of SessionCookie #1048

Closed
1 task done
JaapD opened this issue Aug 24, 2023 · 0 comments

JaapD commented Aug 24, 2023

Search before asking

  • I had searched in the issues and found no similar issues.

Environment

Wildfly 26

Shiro version

2.0.0-alpha-3

What was the actual outcome?

I had to log in again and an exception was logged in the server log (see below)

What was the expected outcome?

I still was logged in.

How to reproduce

Be sure the value of the remember-me cookie in (Firefox) ends with a '='.

Debug logs

2023-08-24 20:22:20,144 WARN [org.apache.shiro.web.mgt.CookieRememberMeManager] (default task-1) Unable to decode existing base64 encoded entity: [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=].: java.lang.IllegalArgumentException: Input byte array has incorrect ending byte at 776
at java.base/java.util.Base64$Decoder.decode0(Base64.java:771)
at java.base/java.util.Base64$Decoder.decode(Base64.java:535)
at deployment.aliassen-web-23.01.war//org.apache.shiro.lang.codec.Base64.decode(Base64.java:104)
at deployment.aliassen-web-23.01.war//org.apache.shiro.lang.codec.Base64.decode(Base64.java:94)
at deployment.aliassen-web-23.01.war//org.apache.shiro.web.mgt.CookieRememberMeManager.getRememberedSerializedIdentity(CookieRememberMeManager.java:224)
at deployment.aliassen-web-23.01.war//org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:394)
at deployment.aliassen-web-23.01.war//org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:613)
at deployment.aliassen-web-23.01.war//org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:501)
at deployment.aliassen-web-23.01.war//org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:347)
at deployment.aliassen-web-23.01.war//org.apache.shiro.ee.filters.ShiroFilter$WrappedSecurityManager.createSubject(ShiroFilter.java:167)
at deployment.aliassen-web-23.01.war//org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845)
at deployment.aliassen-web-23.01.war//org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
at deployment.aliassen-web-23.01.war//org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:300)
at deployment.aliassen-web-23.01.war//org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:367)
at deployment.aliassen-web-23.01.war//org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.security.elytron-web.undertow-server@1.10.1.Final//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
at org.wildfly.security.elytron-base@1.19.1.Final//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
at org.wildfly.security.elytron-base@1.19.1.Final//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
at org.wildfly.security.elytron-base@1.19.1.Final//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
at org.wildfly.security.elytron-web.undertow-server@1.10.1.Final//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.2.19.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.2.19.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.core@2.2.19.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
at io.undertow.core@2.2.19.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@26.1.3.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.2.19.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@26.1.3.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
at io.undertow.core@2.2.19.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@26.1.3.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at org.wildfly.extension.undertow@26.1.3.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at org.wildfly.extension.undertow@26.1.3.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at org.wildfly.extension.undertow@26.1.3.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at org.wildfly.extension.undertow@26.1.3.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
at io.undertow.servlet@2.2.19.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
at io.undertow.core@2.2.19.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
at io.undertow.core@2.2.19.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at org.jboss.xnio@3.8.7.Final//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
at java.base/java.lang.Thread.run(Thread.java:834)

@fpapon fpapon modified the milestones: 1.13.0, 2.0 Sep 3, 2023
lprimak added a commit that referenced this issue Sep 3, 2023
#1048: Solved base64 problem with remember me cookie.
@lprimak lprimak closed this as completed Sep 3, 2023
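
An added example, not taken from the issue or from the Shiro code base: the message in the log above is the one the `java.util.Base64` basic decoder raises when input continues past the padding, for instance a surplus trailing `=`. The class name, the `decodeLenient` helper and the 5-byte payload are constructed for illustration and are not Shiro's fix.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class RememberMePaddingDemo {

    // Hypothetical helper (not Shiro API): drop every trailing '=' before
    // decoding. The JDK basic decoder does not require padding, so the
    // payload decodes whether the cookie kept, lost or gained a '='.
    static byte[] decodeLenient(String cookieValue) {
        int end = cookieValue.length();
        while (end > 0 && cookieValue.charAt(end - 1) == '=') {
            end--;
        }
        return Base64.getDecoder().decode(cookieValue.substring(0, end));
    }

    // Strict decode as the stack trace shows it: the value is handed
    // unchanged to java.util.Base64.Decoder.decode.
    static String decodeStrict(String cookieValue) {
        try {
            int n = Base64.getDecoder().decode(cookieValue).length;
            return "accepted (" + n + " bytes)";
        } catch (IllegalArgumentException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed payload standing in for the serialized identity.
        byte[] payload = "abcde".getBytes(StandardCharsets.UTF_8);
        String padded = Base64.getEncoder().encodeToString(payload);
        String[] samples = {
            padded,                                    // correct padding
            padded + "=",                              // one surplus '='
            padded.substring(0, padded.length() - 1)   // padding stripped
        };
        for (String value : samples) {
            boolean same = Arrays.equals(payload, decodeLenient(value));
            System.out.printf("%-10s strict=%s lenient-matches=%b%n",
                    value, decodeStrict(value), same);
        }
    }
}
```

Only the surplus-padding sample fails the strict path; the stripped sample passes because the basic decoder treats padding as optional.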