Does anyone have suggestions on good ways to deal with domain-wide RememberMe cookies? My live site cookies are affecting the use of my staging server (for instance, I can't log out unless I log out of the live site).
Assume my live server is: http://mydomain.com And my staging server is: http://stage.mydomain.com I have the following Spring configuration: <bean name="myRememberMeManager" class="com.mydomain.security.MyRememberMeManager"> <property name="cipherKey" ref="cipherKeyBytes"/> <property name="cookie.domain" value="${global.cookieDomain}"/> </bean> The global.cookieDomain property is set differently depending upon the environment. For production: global.cookieDomain=.mydomain.com For staging: global.cookieDomain=.stage.mydomain.com Notice the "." before the domain names to specify all subdomains. This is making it so that I can't logout on my staging server. But I need it because my users need to access resources from other hostnames (api.mydomain.com, etc.). The simplest solution would be to just use a different domain for staging: http://stagemydomain.com/ Is this the recommended solution? Or is there something else I could do? Thanks, Tauren
