Re: Strange Cookie behavior with ie 6 and subdomains

Mon, 13 Jan 2003 06:13:19 -0800

If a cookie is set for mydomain.com. Then the cookie is also sent to:

www.mydomain.com
foo.mydomain.com
test.mydomain.com

If Mozilla is NOT doing that. Then Mozilla has a bug.

In reality - what is really happening is you have 2 cookies set:
One for test.mydomain.com and one for mydomain.com. It just so happens that Mozilla is sending both cookies in such a way that tomcat gets lucky and picks up the right one for sessionid. IE sends it an incompatiable (but probably correct) way. Who knows what happens if you try using Opera.

Write a test page from www.mydomain.com and dump all your request headers and you'll probably see that you are getting sent 2 jsessionid cookies.


-Tim


Michael Wyraz wrote:
Hi!

The user _is_ on the correct domain. The problem is, that
the browser does not recognize, that "test.mydomain.com"
and "mydomain.com" are different.
BTW: Mozilla doesn't have this bug...

On Mon, 13 Jan 2003 08:54:54 -0500, Tim Funk wrote:



[
  This is more suited for tomcat-user
  Please post followups to: [EMAIL PROTECTED]
]
This is not isolated to IE6 but all browsers. If you are using apache - add the appropriate redirects to your httpd config to force the user to the correct domain.


-Tim



Michael Wyraz wrote:


Hi!

I found a strange bug in internet explorer cookie handling that could possibile
workarounded in tomcat:

I have 2 different webapps on 2 different domains (a domain and a subdomain of this domain), e.g.:
mydomain.com
test.mydomain.com

When I enter the first domain, a session cookie for this domain is set.
The session then works fine for this domain.
Then I view a page from the second domain. IE returns the cookie
that was set in the first domain. Tomcat does'nt know that session id
in the second context and sets a new cookie.
Now the strange thing: The new Cookie is never returned from ie. So the
new Session in the second domain is not valid and after each click a
new SessionID is generated (i think IE always returns the cookie set in the first domain).

A possible solution:
If the name of the session cookie would be configurable (per host or per webapp),
the hostname could added to that cookie. This would fix this issue on IE.

Michael.




--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to