-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mike,
On 8/27/16 8:44 PM, Mike Wertheim wrote: > I've found a difference in behavior between Tomcat 8.0.33 and > Tomcat 8.5.4. > > Here's the setup... > > I have some Tomcat servers behind an F5 load balancer. There are > two top-level domains (which I'll call domain1.com > <http://domain1.com> and domain2.com <http://domain2.com>) pointing > to the load balancer. In addition, there is a separate server > running PHP. There is a top-level domain (which I'll call > domain3.com <http://domain3.com>) that points to the PHP server. > So www.domain3.com <http://www.domain3.com> goes to the PHP server. > But we use DNS to point a subdomain of domain3.com > <http://domain3.com> (let's call it sub.domain3.com > <http://sub.domain3.com>) which points to the Tomcat servers via > the load balancer. > > The Java app that's running on Tomcat sets some cookies. The > cookie's domain is set by doing something like > cookie.setDomain(domain), where "domain" is based on the value of > request.getServerName(). > > The bug that Tomcat 8.5.4 exhibits is: Chrome and Safari refuse to > set the cookie when the site is accessed via > http://sub.domain3.com. > > The cookies work fine in each of the following scenarios: - It > works fine when the Tomcat version is 8.0.33 - It works fine with > Firefox - It works fine when the site is accessed by either > domain1.com <http://domain1.com> or domain2.com > <http://domain2.com> > > The failure only happens with the combination of: Tomcat 8.5.4, > the browser is Chrome or Safari, and the site is accessed via > http://sub.domain3.com. > > This all happens using regular (non-SSL) http. > > I've attached server.xml and context.xml. Can you take a protocol-capture of the Set-Cookie response header in each case? Use something like Fiddler, FireBug, LiveHttpHeaders, etc. or even Wireshark to see what's being sent. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJXw4twAAoJEBzwKT+lPKRYAFgQAL82b2Fe0WA+41ITaPybsZLV NqYn44rx3LAv3L1Bd2wFhSmHY43mWkA5POpGbPPHQP8/BNzpmLoyryeQ6q1aQwP/ YLjh3Dl5K5adba9Q+LuTe4Kv7uhqb0eEMlLCXVkBCGDPeaT55Z2NVoGGhqVyXRBz eEVkz0YvT9VFXKB2zSJBTGP5LP19gXgKMnJ1QXGhcl2nnIOR1eIGVWVEqecOsCgk /3gO3ZU3Nq002Sh6eH6c1xVoq75ZgmFQXqOvst/qWTJknMM4qjvdOGPg8Oy4caSN nZcSU2Xq6EiypGNK1ikDqcnyARTNxKCs0UvKfiOaUbW3U1TtzdbhcClAPvvaHTPr 5cHv+3L4I6a2zeFp3IaFomQaSX6YliSBWe4hYS3czCnvaWFtb789aQbxtDG6OtF3 WNgxG3daQKTeGH2yPV0qLek+SmcQwvD725eIUKjzyucXKBPERQTSdRSGudL2pB8i 2COcwjBXh449tcEl8+7E4DqbXdDq9T+XjpvBnltRA6rbqBw2Baz6EUCLhaAv4DDR BVMNXFCFZ1PYPfJgpUtQPr0fT5E3xLIMD352laPTdn6Fx4zL+O5dKf9daruFH0z7 9X1qZiKb4vyHzemBMH5H99be7mGa1wsRa45ek5rlUyYSC4kTXXDkQMYEa9LPlkZU vmvpJi9g4lXkqOUALpqf =OSu4 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org