SEC-206: Include context root when generating cookies.

core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java

@@ -262,7 +262,7 @@ public class TokenBasedRememberMeServices implements RememberMeServices,
             logger.debug("Cancelling cookie for reason: " + reasonForLog);
         }
 
-        response.addCookie(makeCancelCookie());
+        response.addCookie(makeCancelCookie(request));
     }
 
     public String getKey() {
@@ -330,7 +330,7 @@ public class TokenBasedRememberMeServices implements RememberMeServices,
         String tokenValue = username + ":" + expiryTime + ":" + signatureValue;
         String tokenValueBase64 = new String(Base64.encodeBase64(
                     tokenValue.getBytes()));
-        response.addCookie(makeValidCookie(expiryTime, tokenValueBase64));
+        response.addCookie(makeValidCookie(expiryTime, tokenValueBase64, request));
 
         if (logger.isDebugEnabled()) {
             logger.debug("Added remember-me cookie for user '" + username
@@ -338,19 +338,21 @@ public class TokenBasedRememberMeServices implements RememberMeServices,
         }
     }
 
-    protected Cookie makeCancelCookie() {
+    protected Cookie makeCancelCookie(HttpServletRequest request) {
         Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                 null);
         cookie.setMaxAge(0);
+        cookie.setPath(request.getContextPath());
 
         return cookie;
     }
 
-    protected Cookie makeValidCookie(long expiryTime, String tokenValueBase64) {
+    protected Cookie makeValidCookie(long expiryTime, String tokenValueBase64, HttpServletRequest request) {
         Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                 tokenValueBase64);
         cookie.setMaxAge(60 * 60 * 24 * 365 * 5); // 5 years
-
+        cookie.setPath(request.getContextPath());
+        
         return cookie;
     }