You are viewing a plain text version of this content. The canonical link for it is here.

Posted to mod_python-dev@quetz.apache.org by "Graham Dumpleton (JIRA)" <ji...@apache.org> on 2007/04/11 13:38:32 UTC

[jira] Closed: (MODPYTHON-149) Allow cross subdomain sessions.

     [ https://issues.apache.org/jira/browse/MODPYTHON-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Graham Dumpleton closed MODPYTHON-149.
--------------------------------------


> Allow cross subdomain sessions.
> -------------------------------
>
>                 Key: MODPYTHON-149
>                 URL: https://issues.apache.org/jira/browse/MODPYTHON-149
>             Project: mod_python
>          Issue Type: Improvement
>          Components: session
>            Reporter: Graham Dumpleton
>         Assigned To: Graham Dumpleton
>             Fix For: 3.3
>
>
> When session class creates cookie, it does not explicitly set the "domain" attribute. This means that the session will only apply to the specific site the request was targeted at. This precludes a single server hosting multiple virtual host subdomains under a parent domain and a session being shared across these sites.
> The code could perhaps be enhanced to allow an option to be set to force the inclusion of a "domain" attribute in the cookie for the session much like it currently allows with the "path" attribute. The option for the latter is "ApplicationPath". As noted in MODPYTHON-127 there is an intent to properly namespace these mod_python options so maybe there should be an option:
>   mod_python.Session.application_domain
> with Session code implementing following in make_cookie() method:
>         if config.has_key("mod_python.Session.application_domain"):
>             c.domain = config["mod_python.Session.application_domain"]
> Setting the domain though would only be required if you want cross site session cookies within an enclosing domain, it would not be required for a single site.
> Depending on whether multiple applications are being hosted on sites under the same domain, an application may also want to override the session cookie name and session cookie path to avoid conflicts between multiple applications when doing this.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.