From 6bae43d380f4798561afd177709dfd6fa03ee3e0 Mon Sep 17 00:00:00 2001
From: Ben Alex
Date: Wed, 26 Apr 2006 03:35:33 +0000
Subject: [PATCH] SEC-206: Include context root when generating cookies.
---
 .../ui/rememberme/TokenBasedRememberMeServices.java | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java b/core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java
index ffd5dd90d4..b2d2a4aca0 100644
--- a/core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java
+++ b/core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java
@@ -262,7 +262,7 @@ public class TokenBasedRememberMeServices implements RememberMeServices,
 logger.debug("Cancelling cookie for reason: " + reasonForLog);
 }
- response.addCookie(makeCancelCookie());
+ response.addCookie(makeCancelCookie(request));
 }
 public String getKey() {
@@ -330,7 +330,7 @@ public class TokenBasedRememberMeServices implements RememberMeServices,
 String tokenValue = username + ":" + expiryTime + ":" + signatureValue;
 String tokenValueBase64 = new String(Base64.encodeBase64( tokenValue.getBytes()));
- response.addCookie(makeValidCookie(expiryTime, tokenValueBase64));
+ response.addCookie(makeValidCookie(expiryTime, tokenValueBase64, request));
 if (logger.isDebugEnabled()) {
 logger.debug("Added remember-me cookie for user '" + username
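Review bot: The context line `tokenValue.getBytes()` in the `@@ -330,7 +330,7 @@` hunk encodes the token with the JVM's default charset, so the cookie value for a username containing non-ASCII characters depends on the platform the node runs on. If the validating side (not visible in this hunk) decodes under a different default, the token would presumably fail to validate for those users. Naming the charset on both sides, e.g. `tokenValue.getBytes("UTF-8")`, makes the cookie format stable across deployments. The enclosing method starts and ends outside the hunk.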
@@ -338,19 +338,21 @@ public class TokenBasedRememberMeServices implements RememberMeServices,
 }
 }
- protected Cookie makeCancelCookie() {
+ protected Cookie makeCancelCookie(HttpServletRequest request) {
 Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, null);
 cookie.setMaxAge(0);
+ cookie.setPath(request.getContextPath());
 return cookie;
 }
- protected Cookie makeValidCookie(long expiryTime, String tokenValueBase64) {
+ protected Cookie makeValidCookie(long expiryTime, String tokenValueBase64, HttpServletRequest request) {
 Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, tokenValueBase64);
 cookie.setMaxAge(60 * 60 * 24 * 365 * 5); // 5 years
-
+ cookie.setPath(request.getContextPath());
+
 return cookie;
 }
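Review bot: `request.getContextPath()` returns an empty string when the application is deployed as the root context, so both `makeCancelCookie` and `makeValidCookie` would call `setPath("")` there; containers and browsers do not treat an empty Path attribute uniformly, and if the cancel cookie ends up with a different path from the stored remember-me cookie, logout will not remove it. Falling back to the root path avoids that in both methods: `String path = request.getContextPath();` followed by `cookie.setPath(path.length() > 0 ? path : "/");`. Separately, the cookie carries a login token that stays valid for five years and neither method marks it secure; `cookie.setSecure(request.isSecure());` would keep a token issued over HTTPS from being sent on plain-HTTP requests. Both methods are protected and their signatures change here, so any subclass that overrode the old forms will compile but no longer be called, which deserves a line in the Javadoc or release notes.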