From 6eff4d90b7283c16d6bba640cf592118883dbec3 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Tue, 12 Jan 2010 00:49:53 +0000 Subject: [PATCH] SEC-1356: Modify AbstractRememberMeService to check the cookie path as well as the name when extracting it from the incoming request. This makes things consistent with the cookie setting methods. If someone wants to share a cookie between multiple applications then they should modify the cookie extraction and setting methods to use a less-specific path. --- .../rememberme/AbstractRememberMeServices.java | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java index 77973f628a..08879c0140 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java +++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java @@ -109,6 +109,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices, /** * Locates the Spring Security remember me cookie in the request and returns its value. + * The cookie is searched for by name and also by matching the context path to the cookie path. * * @param request the submitted request which is to be authenticated * @return the cookie value (if present), null otherwise. @@ -120,8 +121,10 @@ public abstract class AbstractRememberMeServices implements RememberMeServices, return null; } + String requiredPath = getCookiePath(request); + for (int i = 0; i < cookies.length; i++) { - if (cookieName.equals(cookies[i].getName())) { + if (cookieName.equals(cookies[i].getName()) && requiredPath.equals(cookies[i].getPath())) { return cookies[i].getValue(); } } 
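Review bot: The new `requiredPath.equals(cookies[i].getPath())` condition in extractRememberMeCookie will in practice never match, because browsers send only name=value pairs in the Cookie request header (RFC 6265 §4.2.1; the older `$Path` form is not emitted by mainstream browsers), so the servlet container's `Cookie.getPath()` on an incoming cookie is null. Since `"/".equals(null)` is simply false, the failure is silent: autoLogin no longer finds the cookie and remember-me stops working rather than raising an error. Path scoping is enforced by the browser at send time from the path set in setCookie/cancelCookie and cannot be verified on the receiving side, so I would keep the name-only test `if (cookieName.equals(cookies[i].getName())) {` and instead add to the Javadoc `The cookie path is not checked here: browsers do not return it, so path scoping is governed solely by the path used when the cookie is set.` The method's signature and null-cookies guard lie between the two hunks, outside what the diff shows.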
@@ -129,6 +132,11 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
         return null;
     }
 
+    private String getCookiePath(HttpServletRequest request) {
+        String contextPath = request.getContextPath();
+        return contextPath.length() > 0 ? contextPath : "/";
+    }
+
     /**
      * Creates the final Authentication object returned from the autoLogin method.
      *
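Review bot: `getCookiePath` is declared `private`, yet the commit message expects deployments that share the cookie across applications to adapt the path, which as written means overriding extractRememberMeCookie, cancelCookie and setCookie individually and risking the three drifting apart. Declaring it `protected String getCookiePath(HttpServletRequest request)` gives a single override point, and it should carry a Javadoc line such as `/** Returns the path the remember-me cookie is scoped to: the servlet context path, or "/" for the root context. */`. The `contextPath.length() > 0` test is equivalent to the previous `StringUtils.hasLength` check because the Servlet API specifies that getContextPath() returns "" (never null) for the root context; a one-line comment stating that would save the next reader from re-adding a null guard.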

@@ -295,7 +303,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
         logger.debug("Cancelling cookie");
         Cookie cookie = new Cookie(cookieName, null);
         cookie.setMaxAge(0);
-        cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");
+        cookie.setPath(getCookiePath(request));
         response.addCookie(cookie);
     }
 
@@ -312,7 +320,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
         String cookieValue = encodeCookie(tokens);
         Cookie cookie = new Cookie(cookieName, cookieValue);
         cookie.setMaxAge(maxAge);
-        cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");
+        cookie.setPath(getCookiePath(request));
         cookie.setSecure(useSecureCookie);
         response.addCookie(cookie);
     }