tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <Yoav.Shap...@mpi.com>
Subject RE: Configure Tomcat's Session Cookie Domain?
Date Wed, 17 Nov 2004 13:23:08 GMT

Hi,
It's to adhere to secure HTTP/HTTPS behavior.  This is why we allow for
custom session managers like you've done ;)

Yoav Shapira http://www.yoavshapira.com
 

>-----Original Message-----
>From: Joe Reger, Jr. [mailto:joe@joereger.com]
>Sent: Tuesday, November 16, 2004 8:18 PM
>To: 'Tomcat Users List'
>Subject: RE: Configure Tomcat's Session Cookie Domain?
>
>
>Thanks.  What I suspected.  Is this to adhere to a spec, or simply
>functionality not (yet?) developed for Tomcat?
>
>I've created a workaround session manager that manually sets its own
>cookies.  One result being that my scaling strategy can't rely on the
>session replication of Tomcat... I'll have to use a firewall with
sticky
>sessions.  But enough whining from me... like always, there's a
workaround.
>
>Best,
>
>Joe
>
>-----Original Message-----
>From: Tim Funk [mailto:funkman@joedog.org]
>Sent: Tuesday, November 16, 2004 7:12 PM
>To: Tomcat Users List
>Subject: Re: Configure Tomcat's Session Cookie Domain?
>
>Nope. Can't do it.
>
>But if you really need it to be more domain generic - there is nothing
>stopping you from expiring the JSESSIONID cookie and setting a newer
one at
>a more generic level. (But this will probably cause future issues)
>
>-Tim
>
>Joe Reger, Jr. wrote:
>> Hi.
>>
>> Is there any way to specify the domain of the cookie that Tomcat sets
>> to maintain session across requests?
>>
>> In java there's javax.servlet.http.Cookie.setDomain(java.lang.String
>> pattern) that allows me to set it to something like
".joereger.com"...
>> which allows a cookie to persist across "one.joereger.com",
>> "two.joereger.com", "three.joereger.com" and so on.
>>
>> Anything like this in Tomcat's configuration?  I've also looked into
>> the <jsp:useBean> tags but haven't found anything that does what I'm
>> looking for.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message