Graham Dumpleton commented on MODPYTHON-149:

Following on from further discussions on option naming, as per MODPYTHON-127, 
option will now be called:


> Allow cross subdomain sessions.
> -------------------------------
>          Key: MODPYTHON-149
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-149
>      Project: mod_python
>         Type: Improvement

>   Components: session
>     Reporter: Graham Dumpleton
>     Assignee: Graham Dumpleton

> When session class creates cookie, it does not explicitly set the "domain" 
> attribute. This means that the session will only apply to the specific site 
> the request was targeted at. This precludes a single server hosting multiple 
> virtual host subdomains under a parent domain and a session being shared 
> across these sites.
> The code could perhaps be enhanced to allow an option to be set to force the 
> inclusion of a "domain" attribute in the cookie for the session much like it 
> currently allows with the "path" attribute. The option for the latter is 
> "ApplicationPath". As noted in MODPYTHON-127 there is an intent to properly 
> namespace these mod_python options so maybe there should be an option:
>   mod_python.Session.application_domain
> with Session code implementing following in make_cookie() method:
>         if config.has_key("mod_python.Session.application_domain"):
>             c.domain = config["mod_python.Session.application_domain"]
> Setting the domain though would only be required if you want cross site 
> session cookies within an enclosing domain, it would not be required for a 
> single site.
> Depending on whether multiple applications are being hosted on sites under 
> the same domain, an application may also want to override the session cookie 
> name and session cookie path to avoid conflicts between multiple applications 
> when doing this.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

Reply via email to