Announcement Announcement Module
Collapse
No announcement yet.
Cross domain cookies Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cross domain cookies

    Hi,

    I want a user to be able to use a session across multiple sub domains. I understand that by default cookies are subdomain specific and in order to have a session work across subdomains, the cookie should be set as .domain.com in stead of sub.domain.com.

    What I'm not sure about is how to do this. Should I do this by modifying Spring Security or is this a web server kind of configuration?

    If I have to modify Spring Security for this, can I do this in a central place? Any suggestions for this? There doesn't seem to be a lot of information on the subject.

    Kind regards,

    Marc

  • #2
    There's a section on session management in the FAQ.

    Session management is not controlled by Spring Security, so it has no control over the domain setting for the session cookie. If you're using Tomcat, then you can use the sessionCookieDomain setting.

    Comment


    • #3
      What cookie are you trying to set that needs to be shared across multiple domains? If it is the JSESSIONID, then that is specified by your container (i.e. tomcat).

      Comment

      Working...
      X