tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: Session cookie not recognized in www. subdomain alias
Date Mon, 02 Dec 2002 02:58:28 GMT


On Sun, 1 Dec 2002, Garrett Smith wrote:

> Date: Sun, 1 Dec 2002 07:41:10 -0800 (PST)
> From: Garrett Smith <javadevmac2@yahoo.com>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: Session cookie not recognized in www. subdomain alias
>
> Hello Tomcat Users,
>
>   I am having a problem with access to the www. alias of my site having a
> different session cookie.
>
> What is the proper way to make tomcat use ".dhtmlkitchen.com" for my session
> cookie?
>
> To see what I mean, go to http://dhtmlkitchen.com/ and then to
> http://www.dhtmlkitchen.com/ . You can see the obvious change by the colors
> (which are session-based).
>
> Proof:Javascript:alert(document.cookie)
>
> You'll see a different JSESSIONID cookie for www. alias "subdomain."
>
> I ask again: What is the proper way to make tomcat use ".dhtmlkitchen.com" for
> my session cookie?
>

You'll have to modify your own copy of Tomcat to do this if you want it,
because it would violate the servlet specification (as well as being a
potential security hole).

Craig


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message