I have an app that run on www.tropical.test. There is a security module to authenticate user.
I use a subdomain to run a module:
`
function PathInfoProvider(Event){
/* Redirect all app.tropical.test to module: core */
var URI = CGI.SERVER_NAME;
if (URI eq “app.tropical.test”)
{
return “/core” & CGI.PATH_INFO;
}
return CGI.PATH_INFO;
}
`
So when I go to app.tropical.test my core module is displayed. The problem is that if I authenticate to www.tropical.test and then go to app.tropical.test the session is not shared. I’m on railo 4.2.008 that is deployed by commandbox. I have j2ee session enabled.
That is because your session cookie is domain specific. Look at your browser debugging tools and you’ll see your jsessionid changes.
The answer to this should be to set domain cookies. There’s a ticket for Railo that was supposedly fixed, but someone commented saying it wasn’t and I never went back and tested it.
https://issues.jboss.org/browse/RAILO-1332
The workaround used to be to must manually set your cookie to the top level domain in your onRequestStart if I recall, thus overwriting the cookie that Railo is setting.
The key is that whether you hit www.tropical.test or app.tropical.test, the domain on your session cookies must be tropical.test.
Thanks!
~Brad
ColdBox Platform Evangelist
Ortus Solutions, Corp
E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com