Announcement Announcement Module
No announcement yet.
Cross domain cookies Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cross domain cookies


    I want a user to be able to use a session across multiple sub domains. I understand that by default cookies are subdomain specific and in order to have a session work across subdomains, the cookie should be set as in stead of

    What I'm not sure about is how to do this. Should I do this by modifying Spring Security or is this a web server kind of configuration?

    If I have to modify Spring Security for this, can I do this in a central place? Any suggestions for this? There doesn't seem to be a lot of information on the subject.

    Kind regards,


  • #2
    There's a section on session management in the FAQ.

    Session management is not controlled by Spring Security, so it has no control over the domain setting for the session cookie. If you're using Tomcat, then you can use the sessionCookieDomain setting.


    • #3
      What cookie are you trying to set that needs to be shared across multiple domains? If it is the JSESSIONID, then that is specified by your container (i.e. tomcat).