The following reply was made to PR mod_jserv/5504; it has been noted by GNATS.
From: Si Ly <[EMAIL PROTECTED]> To: jon * <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Subject: Re: mod_jserv/5504: I think setting of domains in cookies should be an optional item in zone.properties. Date: Thu, 23 Dec 1999 15:20:35 -0800 On Thu, Dec 23, 1999 at 11:34:57AM -0800, jon * wrote: > on 12/23/99 4:37 AM, Si Ly <[EMAIL PROTECTED]> wrote: > > > For > > example, http://www.foo.com/ and https://secure.foo.com/ both hit the > > same Servlet Zone and want to use the same sessions, but can't. > > Why not just make it https://www.foo.com? For now, I'm just stuck with a certificate signed for secure.foo.com. But consider this... If I have a pool of Apache servers load balancing, some of the servers may be special. For example, some may be more powerful and run extra services, such as a chat server. In which case, I'd like to point browsers to http://chat.foo.com/, but the main application logic and session management should still be shareable (and live in the same Servlet Zone). It would also be possible that secure.foo.com is a dedicated machine, and SSL wouldn't be available on www.foo.com (which could be a pool of servers). -- Si