I have a web application that is using JSecurity and also uses wildcard DNS to allow for subdomains (and also sub-subdomains). I'm having a problem getting people logged in properly. The problem goes like this:1. User goes to http://subdomain.myapp.com/ and fills in a login form with their credentials. 2. Upon form submission we log them in and then redirect them to http://user.subdomain.myapp.com/ 3. They end up at their site, but they are no longer logged in because they logged into the subdomain, not the sub-subdomain.
If the user uses the login form on http://user.subdomain.myapp.com/ then everything works fine. Is there a way to tell JSecurity that a login is valid for the entire domain (i.e. myapp.com) or the entire subdomain (i.e. subdomain.myapp.com) rather than just the actual domain they are on when they submit the form? Thanks, Jesse PS - http://jsecurity.org seems to be down. http://incubator.apache.org/ki/is fine though. -- :::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Jesse O'Neill-Oine // [email protected] Refactr LLC // http://refactr.com mobile // 612-670-5037 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
