Nikita Tovstoles wrote:
thanks for the pointers. However, emptySessionPath - from what I can tell -
only deals with paths (not domain). how could I use it do ignore
subdomains?
What I do not really understand in all this, is what the point is, of having the same
JSESSIONID (and by extension, I suppose, session) for different domains.
(And I find the term "sub-domain" confusing, apart from the fact that technically, there
is no such thing).
If you have 2 hosts a.somedomain.com and b.somedomain.com, they could be virtual hosts
inside the same tomcat, but they could also be entirely distinct hosts with two separate
Tomcat's, and the client would/should never know.
So having the same "session" covering the two hosts does not seem to make sense, to me at
least.
I can understand storing some other information into a separate cookie, which would be
valid for the whole somedomain.com, but the session-id ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
