I personally don't have any good ideas for this other than by using a separate base domain as you've indicated. I'd love to hear other solutions if anyone has any!
Cheers, Les On Thu, Apr 7, 2011 at 4:08 AM, Tauren Mills <[email protected]> wrote: > Does anyone have suggestions on good ways to deal with domain-wide > RememberMe cookies? My live site cookies are affecting the use of my staging > server (for instance, I can't log out unless I log out of the live site). > Assume my live server is: > http://mydomain.com > And my staging server is: > http://stage.mydomain.com > I have the following Spring configuration: > <bean name="myRememberMeManager" > class="com.mydomain.security.MyRememberMeManager"> > <property name="cipherKey" ref="cipherKeyBytes"/> > <property name="cookie.domain" value="${global.cookieDomain}"/> > </bean> > The global.cookieDomain property is set differently depending upon the > environment. For production: > global.cookieDomain=.mydomain.com > For staging: > global.cookieDomain=.stage.mydomain.com > Notice the "." before the domain names to specify all subdomains. This is > making it so that I can't logout on my staging server. But I need it because > my users need to access resources from other hostnames (api.mydomain.com, > etc.). > The simplest solution would be to just use a different domain for staging: > http://stagemydomain.com/ > Is this the recommended solution? Or is there something else I could do? > Thanks, > Tauren
