Our app servers will be accessed through two different domains, http://www.foo.com and https://secure.foo.com. This won't work if the JSESSIONID cookie domain continues to default to www.foo.com.

How can I configure JSESSIONID so the domain is .foo.com?