"Boemio, Neil (CAP, FGI)" wrote:
> If I have xxx.com and yyy.com both going to aaa.com, how can I retrieve a
> cookie for aaa.com when any of these are visited.
>
> So when someone visits xxx.com, I want to be able to retrieve it from under
> aaa.com because that's where my servlet put it since I use
> request.getServerName() when setting the cookie.
>
> If I use request.getCookies(), it tries to get it from where the user
> visited .... example xxx.com or yyy.com .... but it's not there. It will
> always be under aaa.com.
>
> Neil
>
Cookies work this way for valid security-based reasons.
The browser only sends a cookie back to whatever hosts match the "domain"
property on the cookie you created. So, if you set your cookie's domain to
".xxx.com" the cookie will never get sent to ".yyy.com" or ".aaa.com" because
the browser has no clue that these are really the "same" server.
The best answer is to make sure that the user uses the same host name for all
of their interactions with your app.
NOTE: if you run this app on a servlet engine that is strict about
interpreting the 2.1 or 2.2 spec, you will also find that sessions are not
shared across the different virtual hosts, because that is not allowed.
Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
