Thanks a lot for these suggestions Chris. We are not using single sign-on. I will explore the Valve option you have suggested.
thanks! Vijay On Thu, Nov 12, 2009 at 5:24 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Vijay, > > On 11/12/2009 1:24 PM, Vijay Narayanan wrote: > > However, I am not able to figure out how to set the domain name to a > custom > > value (e.g. .mycompany.com). > > A quick look through the 6.0.20 source code seems to indicate that > Tomcat does not set the domain at all for regular JSESSIONID cookies, > though you do have some measure of control over SSO cookies. Are you > using single-sign-on? > > Assuming you are not using SSO, I don't think there is any Tomcat > configuration to adjust the domain name, here, but you still have options. > > You could write a valve that wraps the response to intercept any > addCookie calls and re-write the domain for any using > SESSION_COOKIE_NAME as the cookie name. > > Or, you could hack org/apache/catalina/connector/Request.java to do that > for you. You could even hack that class to use a new system property > (say, SESSION_COOKIE_DOMAIN) if it exists and then submit a patch for > inclusion into the Tomcat source. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkr8izoACgkQ9CaO5/Lv0PCvhACeKiNBzRIgTlSv9GNN//9CS011 > 1uMAoIxshpwVvH8g8/vDxZuE7xzuGU+G > =HJQT > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
