[ http://issues.apache.org/jira/brows...ON-149?page=all ]

Work on MODPYTHON-149 started by Graham Dumpleton

> Allow cross subdomain sessions.
> -------------------------------
>
>          Key: MODPYTHON-149
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-149
>      Project: mod_python
>         Type: Improvement

>   Components: session
>     Reporter: Graham Dumpleton
>     Assignee: Graham Dumpleton

>
> When session class creates cookie, it does not explicitly set the "domain" attribu
te. This means that the session will only apply to the specific site the request was
 targeted at. This precludes a single server hosting multiple virtual host subdomain
s u
nder a parent domain and a session being shared across these sites.
> The code could perhaps be enhanced to allow an option to be set to force the inclu
sion of a "domain" attribute in the cookie for the session much like it currently al
lows with the "path" attribute. The option for the latter is "ApplicationPath". As n
ote
d in MODPYTHON-127 there is an intent to properly namespace these mod_python options so mayb
e there should be an option:[vbcol=seagreen]
>   mod_python.Session.application_domain
> with Session code implementing following in make_cookie() method:
>         if config.has_key("mod_python.Session.application_domain"):
>             c.domain = config["mod_python.Session.application_domain"]
> Setting the domain though would only be required if you want cross site se
ssion cookies within an enclosing domain, it would not be required for a sin
gle site.
> Depending on whether multiple applications are being hosted on sites under the sam
e domain, an application may also want to override the session cookie name and sessi
on cookie path to avoid conflicts between multiple applications when doing this.[/vb
col]

[ Post a follow-up to this message ]