From 886933746c5b4297e9ce5e878e46a6802967d673 Mon Sep 17 00:00:00 2001
From: markt
Date: Thu, 1 Jul 2010 19:33:45 +0000
Subject: [PATCH] Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49525 Cookies for ROOT context need a path of /
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@959754 13f79535-47bb-0310-9956-ffa450edef68
---
 java/org/apache/catalina/core/ApplicationSessionCookieConfig.java | 5 +++++
 webapps/docs/changelog.xml | 4 ++++
 2 files changed, 9 insertions(+)
diff --git a/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java b/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
index 4739fc3e1..b8d32bbc3 100644
--- a/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
+++ b/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
@@ -156,6 +156,11 @@ public class ApplicationSessionCookieConfig implements SessionCookieConfig {
 if (contextPath == null || contextPath.length() == 0) {
 contextPath = context.getEncodedPath();
 }
+ // Handle special case of ROOT context where cookies require a path of
+ // '/' but the servlet spec uses an empty string
+ if (contextPath.length() == 0) {
+ contextPath = "/";
+ }
 cookie.setPath(contextPath);
 return cookie;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d79b9c902..7d6de84c3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -79,6 +79,10 @@ Use a LockOutRealm in the default configuration to prevent attempts to guess user passwords by brute-force. (markt) + + 49525: Ensure cookies for the ROOT context have a path of / + rather than an empty string. (markt) + -- 2.11.0
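Review bot: The added `contextPath.length() == 0` test in ApplicationSessionCookieConfig.java dereferences the value just assigned from `context.getEncodedPath()`, so if that call can ever return null, session-cookie creation now throws where it previously passed null through to `cookie.setPath`; mirroring the guard two lines above, `if (contextPath == null || contextPath.length() == 0) {`, keeps the fallback safe. Whether `getEncodedPath()` can return null is not visible here, and the enclosing method starts and ends outside the hunk. The new comment could also record the scoping consequence of the fix: with a path of `/` the ROOT context's session cookie is sent with requests to every other web application on the same host, which matters when those applications are not equally trusted. The diffstat shows no test file, so a test asserting that the cookie path is `/` when the context path is empty would pin this behaviour.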