Is it possible to set the domain when JSESSIONID cookies are created? We have a couple of different subdomains (a.company.com, b.company.com, c.company.com), and we'd like the session to persist across all of them. Right now, it looks like if a request comes in to a.company.com, the JSESSIONID cookie will have a domain of a.company.com (but, we want it to be company.com).
Our current workaround is to expire the JSESSIONID cookie, and create our own JSESSIONID cookie that contains the session id. Since cookies from the request have no domain info available, we can't be sure which is our cookie and which was tomcat's cookie, so as a result every response contains two cookies, an expired JSESSIONID cookie, and another JSESSIONID cookie. This seems to work, but seems somewhat dubious. I took a quick look at the code for org.apache.catalina.connector.Request code (specifically doGetSession and configureSessionCookie), and it looks like it's not possible through configuration alone.... I thought maybe I'd be able to write a Valve, so I could access the internal Response object, which gives you access to the cookies, but it seems Valves are only good for dealing with requests... So, I thought maybe a custom Connector that extends the catalina Connector, and whose createRequest method would return a Request that sets a configurable domain when it creates the session cookie -- but, I couldn't figure out a way to get it to load -- it looks like org.apache.catalina.connector.Connector is specifically mentioned in Catalina.java -- any way to change this without modifying the code? thanks, larry --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
