>Number: 5504 >Category: mod_jserv >Synopsis: I think setting of domains in cookies should be an optional >item in zone.properties. >Confidential: no >Severity: serious >Priority: medium >Responsible: jserv >State: open >Class: change-request >Submitter-Id: apache >Arrival-Date: Thu Dec 23 04:40:01 PST 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: Apache 1.3.9 + ApacheJServ 1.1b3 >Environment: Red Hat Linux 6.0 (Kernel 2.2.5) Blackdown JDK1.1.7v3 (green threads) >Description: Currently, the call to Cookie.setDomain() is commented out to address bug #2593 -- when the browser requests a page by IP address. (It probably also fix the case where the hostname is not a FQDN, i.e. http://localhost/.) However, this breaks when I want to have multiple Apache servers on different hosts load balancing against the same Servlet Zone. For example, http://www.foo.com/ and https://secure.foo.com/ both hit the same Servlet Zone and want to use the same sessions, but can't. >How-To-Repeat: Have to two Apache hosts, http://www.foo.com/ and https://secure.foo.com/ use the same Servlet Zone. Or even have one host listening on two different ports do the same. Sessions are created for each host (or port). >Fix: I suggest putting an optional property in zone.properties. Perhaps like this: session.cookie.domain=.foo.com >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
