I have a host setup as foobar.com with an alias of www.foobar.com.
When a client visits foobar.com I create a cookie-based session for the user. Everything behaves correctly as long as all of the user's requests to the server begin with foobar.com, however if the user visits www.foobar.com the browser will not send the session cookie and vice-versa. As far as I can tell this is because the session cookies that Tomcat creates have a domain that matches the requested domain. However, if the cookies were created with a domain of ".foobar.com" then they browser would send the cookie to both http://foobar.com and http://www.foobar.com.
Is there any way to override the cookie domain that Tomcat uses when it creates a cookie?
If there is not a way to do that, then should I forego the usage of Tomcat's session cookies and create my own cookies for session management? Is there a better way?
-- John Gibson
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
