Hi, I have an issue with J2EE session and the incorrect session cookies being sent by IE.
I manage a CF site with name like myhost.mysubdomain.site.com. There is another CF site named mysubdomain.site.com. We both have J2EE sessions enabled. In IE 6 (not Firefox), if a user browses first to mysubdomain.site.com to a page that generates a session, then they get a session cookie set with host domain.site.com. If they then, go to my site to a page that creates a session, they get a session cookie set with host myhost.mysubdomain.site.com. But, when I redirect them to another page on my site, IE sends back to the server the cookie for mysubdomain.site.com, not myhost.mysubdomain.site.com. The net results is that the user can never create a session on myhost.mysubdomain.site.com unless they don't first browse to mysubdomain.site.com. It seems like I can work around this by turning off J2EE sessions, but that is unfortunate, and I'm still not sure there aren't some security issues with the wrong cookies being sent. Any suggestions on how to make this work with J2EE sessions? I have tried about every possible permutation of <cfapplication> settings with no luck. Thanks, Jon ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:205887 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
