[jboss-jira] [JBoss JIRA] Commented: (JBWEB-107) Cross Domain JSESSIONID Cookie

Wednesday, 21 May 2008

    [ http://jira.jboss.com/jira/browse/JBWEB-107?page=comments#action_12413616 ] 

Remy Maucherat commented on JBWEB-107:
--------------------------------------

You can wrap. I am not implementing this right now, since the next servlet spec will add
session cookie configuration, and I don't want to add some duplicate conflicting
configuration as part of a quick hack.

...
 Cross Domain JSESSIONID Cookie
 ------------------------------

                 Key: JBWEB-107
                 URL: http://jira.jboss.com/jira/browse/JBWEB-107
             Project: JBoss Web
          Issue Type: Feature Request
      Security Level: Public(Everyone can see) 
          Components: Tomcat Module
            Reporter: Mike Millson
         Assigned To: Remy Maucherat
         Attachments: SessionCookiePathValve.java

 Currently the JSESSIONID cookie domain is set to the domain name of the Host that emits
the cookie (e.g. www.domain.com). This is an issue with customers using Aliases (e.g.
secure.domain.com, zzz.domain.com, etc.), as the session is lost when switching between
the main domain and any aliases. In these cases, it would be useful to be able to specify
the domain to be "domain.com" so the same JSESSIONID cookie is used across the
aliases and converges to the same session. 
-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-jira] [JBoss JIRA] Commented: (JBWEB-107) Cross Domain JSESSIONID Cookie