tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject Re: Domain Names for Session Cookies
Date Sat, 17 Apr 2004 17:34:57 GMT
no. But the web client (browser) should be sending cookies in the most 
specific to least specific order so this should not be an issue.

An alternative is to use URL rewriting.


John Gibson wrote:
> I'm running Tomcat 4.0.6 with Apache 2.0.46 on RedHat Advanced Server 
> and I'm running into a problem with the domain for session cookies.
> I have a host setup as with an alias of
> When a client visits I create a cookie-based session for the 
> user.  Everything behaves correctly as long as all of the user's 
> requests to the server begin with, however if the user visits 
> the browser will not send the session cookie and 
> vice-versa.  As far as I can tell this is because the session cookies 
> that Tomcat creates have a domain that matches the requested domain. 
> However, if the cookies were created with a domain of "" then 
> they browser would send the cookie to both and 
> Is there any way to override the cookie domain that Tomcat uses when it 
> creates a cookie?
> If there is not a way to do that, then should I forego the usage of 
> Tomcat's session cookies and create my own cookies for session 
> management?  Is there a better way?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message