I’ve been checking out SnipSnap, a java-based wiki/weblog. I had asked why SnipSnap sites seemed to ask me to login again even after just 15 minutes idle time, and the developers told me that it shouldn’t be happening because they set an encrypted cookie which should invisibly log me back in.

Well, this cookie clearly was not being accepted by Safari, my browser of choice. However, I checked on MSIE and Mozilla Firebird, and in both, I had a cookie named “SnipSnapUser” with a 1-year lifespan, and on both, the “remember-me” functionality worked fine.

Out of curiosity, I tweaked the UserManager class in SnipSnap (I love open source) and changed a few things around. It turns out that if I removed a call to “cookie.setMaxAge()” in the UserManager, Safari would accept the “SnipSnapUser” cookie. Setting the max age to another value didn’t change anything.

I’m not sure if the real issue is with Safari, or with Jetty, the java-based web server which hosts SnipSnap installations. It’s a lot of work to get at the raw HTTP headers in this case, so I can’t see what the cookie looks like. But I clearly have other cookies set by other servers which do have expiration dates, and I have other cookies set by Jetty (like the Java SessionID) which have no expiration date set. Since other browsers accept the normal cookie from Jetty, I suspect it’s a Safari problem, so I’m pinging Dave Hyatt’s weblog with this bug report. (I’m not really clear which entry he wants us to track-back to, but I figure he’ll find it anywhere.)

It could be that Safari is just more strict about a specification that Jetty implements inaccurately, but given the choice of logging in more frequently or really getting to the bottom of this bug, I’ll just login more frequently…