[ https://issues.apache.org/jira/browse/MODPYTHON-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Graham Dumpleton closed MODPYTHON-149. -------------------------------------- > Allow cross subdomain sessions. > ------------------------------- > > Key: MODPYTHON-149 > URL: https://issues.apache.org/jira/browse/MODPYTHON-149 > Project: mod_python > Issue Type: Improvement > Components: session > Reporter: Graham Dumpleton > Assigned To: Graham Dumpleton > Fix For: 3.3 > > > When session class creates cookie, it does not explicitly set the "domain" > attribute. This means that the session will only apply to the specific site > the request was targeted at. This precludes a single server hosting multiple > virtual host subdomains under a parent domain and a session being shared > across these sites. > The code could perhaps be enhanced to allow an option to be set to force the > inclusion of a "domain" attribute in the cookie for the session much like it > currently allows with the "path" attribute. The option for the latter is > "ApplicationPath". As noted in MODPYTHON-127 there is an intent to properly > namespace these mod_python options so maybe there should be an option: > mod_python.Session.application_domain > with Session code implementing following in make_cookie() method: > if config.has_key("mod_python.Session.application_domain"): > c.domain = config["mod_python.Session.application_domain"] > Setting the domain though would only be required if you want cross site > session cookies within an enclosing domain, it would not be required for a > single site. > Depending on whether multiple applications are being hosted on sites under > the same domain, an application may also want to override the session cookie > name and session cookie path to avoid conflicts between multiple applications > when doing this. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.