Hi André, > You could do the authentication and SSO handling at the Apache level, and > set some "partial domain" cookie at that level, with some cross-domain > identifier (as long as the domains have a common part of course). > The browser will later send this cookie back with each request addressed to > any of the servers that match the partial domain.
Your understanding of it, as far as my understanding is concerned, is spot on, but like you say in your post ... "as long as the domains have a common part of course" Unfortunately in my case that doesn't hold true, its an international site, and we've got the same domain names for different tlds e.g.: mydomain.com mydomain.com.ar So right at the top level (com vs / .com.ar), I'm a bit hamstrung other than that you're completely correct. I read a few other posts about trying to ensure that the JSESSIONID cookie sent by TC applies to the domain name and not the subdomain through TC (rather than doing it through apache) - this one might be of interest to you: http://www.nabble.com/Share-session-cookie-across-subdomains-td16787390.html but regardless in my case this doesn't help me because I'm essentially using two distinct domains. Cheers for the comment though Simon --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
