Hi Jesse, This problem is related to cross-domain cookies, which Ki mistakenly does not set by default. If you open a Jira issue, I can have this fix committed sometime today.
Reference: http://blog.cylenceweb.com/2008/11/30/cross-subdomain-cookies-on-different-servers/ On Thu, Jun 4, 2009 at 11:47 AM, Jesse O'Neill-Oine <[email protected]>wrote: > I have a web application that is using JSecurity and also uses wildcard DNS > to allow for subdomains (and also sub-subdomains). I'm having a problem > getting people logged in properly. > The problem goes like this: 1. User goes to http://subdomain.myapp.com/and > fills in a login form with their credentials. > 2. Upon form submission we log them in and then redirect them to > http://user.subdomain.myapp.com/ > 3. They end up at their site, but they are no longer logged in because they > logged into the subdomain, not the sub-subdomain. > > If the user uses the login form on http://user.subdomain.myapp.com/ then > everything works fine. > > Is there a way to tell JSecurity that a login is valid for the entire > domain (i.e. myapp.com) or the entire subdomain (i.e. subdomain.myapp.com) > rather than just the actual domain they are on when they submit the form? > > Thanks, > Jesse > > PS - http://jsecurity.org seems to be down. > http://incubator.apache.org/ki/ is fine though. > > -- > :::::::::::::::::::::::::::::::::::::::::::::::::::::::::: > Jesse O'Neill-Oine // [email protected] > Refactr LLC // http://refactr.com > mobile // 612-670-5037 > :::::::::::::::::::::::::::::::::::::::::::::::::::::::::: >
