tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <>
Subject Re: Session Cookie and IE7
Date Wed, 04 Apr 2007 10:14:31 GMT
I really not sure, still on IE6... but no one is talking so I'm going to 

I think so, but I dont use IE7 so who knows.... but have a look at this 
its ASP, but its easy reading and explains the concept....

and then look up setDomain in javax.servlet.http.Cookie

Before you buy domain names, you could test it from 2 machine in the 
office.... just set domain names in the HOSTS file in system32/drivers/etc

Only thing I could find on IE7 was this... its set to medium, which 

Medium High Cookies from third-party websites that do not have a
compact policy (a condensed, computer-readable privacy statement) will
be blocked.

Now if the above doesnt work, then I think nothing will.... so then I would 
put a (condensed, computer-readable privacy statement) on the web server, 
dont ask me how, must be in the help files.... but it would say.... "To stop 
this irritating Microsoft message.... change your setting to Cookie Low".... 
ha ha.

I think your domain idea will work....

Have you guys noticed how much Antivirus Stuff microsoft is updating.... 
this whole security thing is driving me nuts, like other day I opened an old 
web page I had with (file) links to files on local machine... those links 
dont work anymore.... blocked.
Seems like Bill wants to kick Norton and Avast and the others out of 
business, as they decide to become their own (one and only) AntiVirus 
 I think developers need to watch this area, because as MS close holes and 
string their antivirus program together, in the process programmers finding 
all sorts of new issues. Good time to sell your Norton shares... nasty Bill 
is coming... I think.

----- Original Message ----- 
From: "john hufnagle" <>
To: <>
Sent: Tuesday, April 03, 2007 3:35 PM
Subject: Session Cookie and IE7

A partner of our company has a web site that includes HTML generated by our
Tomcat web app.

They use an <iframe> to contain our Tomcat generated HTML. The problem is
that IE7 (works correctly for Firefox & IE6) blocks the jessionid cookie
because it is a third party cookie.

If we have our site registered as a sub-domain of their domain is it
possible for me to explicitly set the domain on the session cookie that
Tomcat creates? I would like to be able to set the domain to be the parent
domain of us and our partner company.  I have done some searching of the
archives and API and I don't see anyway to accomplish it.
Any help appreciated.


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message