Forum OpenACS Q&A: setting the domain attribute on user_id and session cookies


we are in the process of implmenting an OpenACS solution for our directory administration. However, we have many other areas on the site which will remain - at least for now - served by php / perl / apache rather than OpenACS / AOLServer. Currently our major problem is to produce a seamless session management system across our various operations. We will handling all registration / login via OpenACs but need other areas of the site to be able to access the cookies set by OpenACS (ad_user_id, etc). However, our major problem is that the 'domain' attribute of the cookies set is not used, so the cookie defaults to the fully qualified domain name. This means we cannot acquire cookies from different hosts under the same domain, which is essential for our set-up.

Can someone please tell me where I can set the domain attribute of the cookies, please?

many thanks

Andrew Cadman

I encountered the same issue and have made some modifications to /packages/acs-tcl/tcl/security-procs.tcl to handle this.  I'll do more testing.

My modification allows a cookie domain to get sent through if there is one, does NOT set a domain if the hostname is an ip address, or will send when the cookie is set.

Logging in and Logging out works properly across  I have more testing that I'll do, and if it works as it should, I'll post a diff