[ http://issues.apache.org/jira/browse/MODPYTHON-149?page=comments#action_12376619 ]
Graham Dumpleton commented on MODPYTHON-149: -------------------------------------------- Following on from further discussions on option naming, as per MODPYTHON-127, option will now be called: mod_python.session.application_domain > Allow cross subdomain sessions. > ------------------------------- > > Key: MODPYTHON-149 > URL: http://issues.apache.org/jira/browse/MODPYTHON-149 > Project: mod_python > Type: Improvement > Components: session > Reporter: Graham Dumpleton > Assignee: Graham Dumpleton > > When session class creates cookie, it does not explicitly set the "domain" > attribute. This means that the session will only apply to the specific site > the request was targeted at. This precludes a single server hosting multiple > virtual host subdomains under a parent domain and a session being shared > across these sites. > The code could perhaps be enhanced to allow an option to be set to force the > inclusion of a "domain" attribute in the cookie for the session much like it > currently allows with the "path" attribute. The option for the latter is > "ApplicationPath". As noted in MODPYTHON-127 there is an intent to properly > namespace these mod_python options so maybe there should be an option: > mod_python.Session.application_domain > with Session code implementing following in make_cookie() method: > if config.has_key("mod_python.Session.application_domain"): > c.domain = config["mod_python.Session.application_domain"] > Setting the domain though would only be required if you want cross site > session cookies within an enclosing domain, it would not be required for a > single site. > Depending on whether multiple applications are being hosted on sites under > the same domain, an application may also want to override the session cookie > name and session cookie path to avoid conflicts between multiple applications > when doing this. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
