Posted to apache-bugdb@apache.org by Si Ly <sl...@sily.net> on 1999/12/23 13:37:21 UTC

mod_jserv/5504: I think setting of domains in cookies should be an optional item in zone.properties.

>Number:         5504
>Category:       mod_jserv
>Synopsis:       I think setting of domains in cookies should be an optional item in zone.properties.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    jserv
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Thu Dec 23 04:40:01 PST 1999
>Last-Modified:
>Originator:     sly@sily.net
>Organization:
apache
>Release:        Apache 1.3.9 + ApacheJServ 1.1b3
>Environment:
Red Hat Linux 6.0 (Kernel 2.2.5)
Blackdown JDK1.1.7v3 (green threads)
>Description:
Currently, the call to Cookie.setDomain() is commented out to address
bug #2593 -- when the browser requests a page by IP address.  (It probably
also fixes the case where the hostname is not a FQDN, i.e. http://localhost/.)
However, this breaks when I want to have multiple Apache servers on
different hosts load balancing against the same Servlet Zone.  For
example, http://www.foo.com/ and https://secure.foo.com/ both hit the
same Servlet Zone and want to use the same sessions, but can't.
>How-To-Repeat:
Have two Apache hosts, http://www.foo.com/ and https://secure.foo.com/
use the same Servlet Zone.  Or even have one host listening on two different
ports do the same.  Sessions are created for each host (or port).
>Fix:
I suggest putting an optional property in zone.properties.  Perhaps like this:
session.cookie.domain=.foo.com
>Audit-Trail:
>Unformatted:
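An added example (not ApacheJServ code and not from the report) of how an optional session.cookie.domain property could be honoured while still falling back to a host-only cookie for the IP-address and non-FQDN cases the report mentions. The class, the method and the sample hosts are hypothetical; the property name and value are the ones suggested in the report, and the host is assumed to arrive without a port.

```java
import java.util.Locale;
import java.util.Properties;

// Added illustration; not ApacheJServ source. Class and method names are hypothetical.
public class SessionCookieDomain {

    // Returns the value to pass to Cookie.setDomain(), or null to leave the
    // cookie host-only (today's behaviour, with setDomain() commented out).
    static String domainFor(Properties zone, String requestHost) {
        String configured = zone.getProperty("session.cookie.domain", "").trim();
        if (configured.isEmpty() || requestHost == null) {
            return null;                       // the property is optional
        }
        String host = requestHost.toLowerCase(Locale.ROOT);
        // Case from bug #2593 in the report: page requested by IP address.
        boolean ipLiteral = host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.indexOf(':') >= 0;
        // Non-FQDN case from the report, e.g. http://localhost/
        if (ipLiteral || host.indexOf('.') < 0) {
            return null;
        }
        String suffix = configured.toLowerCase(Locale.ROOT);
        if (suffix.startsWith(".")) {
            suffix = suffix.substring(1);
        }
        // Only set the domain when the requested host is inside it; browsers
        // reject a Domain that does not cover the host that set the cookie.
        if (host.equals(suffix) || host.endsWith("." + suffix)) {
            return configured;
        }
        return null;
    }

    public static void main(String[] args) {
        Properties zone = new Properties();
        zone.setProperty("session.cookie.domain", ".foo.com"); // value from the report
        // Constructed sample hosts, as a servlet would see them without the port.
        String[] hosts = {"www.foo.com", "secure.foo.com", "192.168.0.1", "localhost", "www.bar.com"};
        for (String h : hosts) {
            String d = domainFor(zone, h);
            System.out.println(h + " -> " + (d == null ? "host-only cookie" : "Domain=" + d));
        }
    }
}
```

With a domain set, the browser sends the session cookie to every host under that domain, so each of those hosts has to be trusted with the session ID. Sharing one session between an http:// and an https:// host also means the ID travels over the unencrypted connection.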