http://www.robrohan.com/blog/index.cfm?mode=entry&entry=9B8F98DE-13C9-519C-6C958F2F38E1BACD
On 5/6/05, Jon Gunnip <[EMAIL PROTECTED]> wrote: > Hi, > > I have an issue with J2EE session and the incorrect session cookies > being sent by IE. > > I manage a CF site with name like myhost.mysubdomain.site.com. There > is another CF site named mysubdomain.site.com. We both have J2EE > sessions enabled. > > In IE 6 (not Firefox), if a user browses first to mysubdomain.site.com > to a page that generates a session, then they get a session cookie set > with host domain.site.com. If they then, go to my site to a page that > creates a session, they get a session cookie set with host > myhost.mysubdomain.site.com. > > But, when I redirect them to another page on my site, IE sends back to > the server the cookie for mysubdomain.site.com, not > myhost.mysubdomain.site.com. The net results is that the user can > never create a session on myhost.mysubdomain.site.com unless they > don't first browse to mysubdomain.site.com. > > It seems like I can work around this by turning off J2EE sessions, but > that is unfortunate, and I'm still not sure there aren't some security > issues with the wrong cookies being sent. > > Any suggestions on how to make this work with J2EE sessions? I have > tried about every possible permutation of <cfapplication> settings > with no luck. > > Thanks, > Jon > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:205895 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
