Forum OpenACS Development: Re: Allow Host Node Mapped Host Names for Cookies

Posted by Gustaf Neumann on
Using domain cookies is in general quite dangerous, especially where there are multiple OpenACS installations under the same domain (see below). A further complication can happen with host-node map entries which are not subsites. ... So my recommendation is in general to use domain cookies carefully. What problem are you addressing?

When trying to set up independent-looking host-node-mapped subsites, it might be useful to use different cookie names, e.g. using a cookie suffix derived from the host-node-map entry.

-g

Sample problem case: Imagine a server foo.some-domain.com and another server bar.some-domain.com, and "foo" sets the cookie domain (and provides domain cookies). A request to "bar" (which has no cookie domain set) will receive the domain cookie from "foo" and the non-domain cookies, leading to actually two session cookies, login cookies, etc. This can lead to strange behavior that is hard to debug.
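The sample case above, modelled as an added example that is not part of the original post or of OpenACS: a minimal browser cookie jar using the RFC 6265 domain-match rule, showing which cookies a request to "bar" carries. The cookie name `session`, the values, and the per-host suffix scheme (first host label) are constructed for illustration; cookie paths are assumed to be `/`.

```python
from collections import Counter

def domain_match(host, cookie):
    """RFC 6265: a host-only cookie needs an exact host match; a domain
    cookie also matches every subdomain of its Domain attribute."""
    if cookie["host_only"]:
        return host == cookie["domain"]
    return host == cookie["domain"] or host.endswith("." + cookie["domain"])

def store(jar, origin_host, name, value, domain_attr=None):
    """Store a cookie as a browser would after a Set-Cookie response.
    Without a Domain attribute the cookie is host-only."""
    if domain_attr is None:
        domain, host_only = origin_host, True
    else:
        domain, host_only = domain_attr.lstrip(".").lower(), False
    # Same name under a different domain is a *separate* jar entry.
    jar[(name, domain)] = {"name": name, "value": value,
                           "domain": domain, "host_only": host_only}

def cookie_header(jar, host):
    """(name, value) pairs the browser sends on a request to host."""
    return [(c["name"], c["value"]) for c in jar.values() if domain_match(host, c)]

def duplicate_names(jar, host):
    """Cookie names that arrive more than once in one request to host."""
    counts = Counter(name for name, _ in cookie_header(jar, host))
    return sorted(name for name, n in counts.items() if n > 1)

def cookie_name(host, suffix_per_host):
    # Hypothetical suffix scheme: first host label (constructed, not OpenACS code).
    return "session_" + host.split(".")[0] if suffix_per_host else "session"

def build_jar(suffix_per_host=False):
    """Constructed scenario: foo issues a domain cookie, bar a host-only one."""
    foo, bar = "foo.some-domain.com", "bar.some-domain.com"
    jar = {}
    store(jar, foo, cookie_name(foo, suffix_per_host), "from-foo",
          domain_attr="some-domain.com")
    store(jar, bar, cookie_name(bar, suffix_per_host), "from-bar")
    return jar

if __name__ == "__main__":
    for suffixed in (False, True):
        jar = build_jar(suffixed)
        print("suffix" if suffixed else "shared name",
              cookie_header(jar, "bar.some-domain.com"),
              "duplicates:", duplicate_names(jar, "bar.some-domain.com"))
```

With per-host names, "bar" still receives the domain cookie from "foo", but it no longer collides with bar's own session cookie.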

Posted by Dave Bauer on
Gustaf,

Thanks, I think I need to learn more about how this works and get some more information about how this should be set for a specific installation.

Can you clarify your example?

Are foo. and bar. served by the same NaviServer instance or are they separate sites?