[ 
https://issues.apache.org/jira/browse/MODPYTHON-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Graham Dumpleton closed MODPYTHON-149.
--------------------------------------


> Allow cross subdomain sessions.
> -------------------------------
>
>                 Key: MODPYTHON-149
>                 URL: https://issues.apache.org/jira/browse/MODPYTHON-149
>             Project: mod_python
>          Issue Type: Improvement
>          Components: session
>            Reporter: Graham Dumpleton
>         Assigned To: Graham Dumpleton
>             Fix For: 3.3
>
>
> When session class creates cookie, it does not explicitly set the "domain" 
> attribute. This means that the session will only apply to the specific site 
> the request was targeted at. This precludes a single server hosting multiple 
> virtual host subdomains under a parent domain and a session being shared 
> across these sites.
> The code could perhaps be enhanced to allow an option to be set to force the 
> inclusion of a "domain" attribute in the cookie for the session much like it 
> currently allows with the "path" attribute. The option for the latter is 
> "ApplicationPath". As noted in MODPYTHON-127 there is an intent to properly 
> namespace these mod_python options so maybe there should be an option:
>   mod_python.Session.application_domain
> with Session code implementing following in make_cookie() method:
>         if config.has_key("mod_python.Session.application_domain"):
>             c.domain = config["mod_python.Session.application_domain"]
> Setting the domain though would only be required if you want cross site 
> session cookies within an enclosing domain, it would not be required for a 
> single site.
> Depending on whether multiple applications are being hosted on sites under 
> the same domain, an application may also want to override the session cookie 
> name and session cookie path to avoid conflicts between multiple applications 
> when doing this.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to