8 messages in org.apache.tomcat.devRe: domain-wide session cookies?| From | Sent On | Attachments |
|---|---|---|
| Aditya | Mar 20, 2003 9:39 pm | |
| Aditya | Mar 21, 2003 2:50 pm | |
| Craig R. McClanahan | Mar 24, 2003 11:43 am | |
| Aditya | Mar 24, 2003 1:34 pm | |
| Craig R. McClanahan | Mar 24, 2003 2:10 pm | |
| Aditya | Mar 24, 2003 5:07 pm | |
| Craig R. McClanahan | Mar 24, 2003 9:31 pm | |
| Aditya | Mar 24, 2003 10:55 pm |
| Subject: | Re: domain-wide session cookies? | |
|---|---|---|
| From: | Aditya (adi...@grot.org) | |
| Date: | Mar 21, 2003 2:50:22 pm | |
| List: | org.apache.tomcat.dev | |
For those who care, I've answered my own questions:
On Thu, 20 Mar 2003 21:40:20 -0800, Aditya <adi...@grot.org> said: Under Tomcat-4 it looks like the session cookie is set in:
org/apache/catalina/connector/HttpResponseBase.java
and the code that sets it uses the default domain (which is equal to the request hostname.domain.tld) when it sets the session cookie. I need to set the cookie to be domain-wide, ie. ".domain.tld" however it seems silly to hardcode it in the above class.
Before I tackle this:
0) is there a better way to do it?
Yup, do it in a filter. Using a filter to manipulate cookies is trivial and using session.isNew() guarantees that we just do this once.
If anyone wants any more detail about this strange, slightly yucky hack, please ask.
Adi