1 Reply Latest reply on Jun 18, 2003 9:53 AM by Jon Barnett

    CookieDomain equivalent

    Dave Head-Rapson Newbie

      I'm trying to deploy an e-commerce app on a jboss_3.0.7/tomcat bundle and wish to persist the session by cookies or URL rewriting.

      On my jboss-tomcat bundle installation, if I have cookies OFF, tomcat rewrites the URLs so session the session is persisted.

      If I have cookies turned ON, tomcat doesn't rewrite the URL & stores a cookie with the full domain name (www.communix.com) which is fine as long as I stay in the same domain but ...

      For the secure pages, the application forwards to another domain (secure.communix.com instead of www.communix.com). Its the same server instance/host.

      Now, because cookies are switched ON, tomcat won't rewrite the URL when it forwards and the session is lost!

      The only way around this I can think of is to change the domain of the cookie to .communix.com instead of www.communix.com

      This can be done on both WebLogic 6.x and Sun Reference Impl in the server-specific web deployment descriptor (i.e. their equivalent to jboss-web_3_0.xml) using the CookieDomain session parameter.

      Does anyone know of a similar parameter I can set with JBoss, or a different way of doing it ?

      Thanks in advance

        • 1. Re: CookieDomain equivalent
          Jon Barnett Master

          This is a Tomcat issue rather than a JBoss issue. I haven't found any coverage for cookie domains in Tomcat. You can get around this through forced and explicit rewriting of the URL.

          Unless you are really married to the whole Tomcat idea, you might try Jetty. It supports session domains that you can set as an InitParam in ServletContext.

          Don't know if this helps.