change domain of JSESSIONID cookie in Apache

Currently JSESSIONID is set by xxx.domain.com and I'd like to read the JSESSIONID from yyy.domain.com, so how can I change the JSESSIONID cookie's domain from xxx.domain.com to .domain.com? I'm using Apache as web server. Thanks.
xiaoyunwuAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
You can do that by using ".domain.com" as the domain when you set the cookie.  Apparently there is an XML file somewhere that sets all the cookie parameters.  WEB-INF/web.xml?
0
xiaoyunwuAuthor Commented:
I can't find in WEB-INF/web.xml
0
Dave BaldwinFixer of ProblemsCommented:
JSESSIONID is not going to be set by Apache but by Java.  Please click on "Request Attention" and get the JAVA Topic Area added to your question so the Java experts will see your question.  It would also help if you would post the exact program versions and methods you are using since there may be more than one way of doing this.
0
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

xiaoyunwuAuthor Commented:
I tried two options
1)
<IfModule headers_module>
Header edit Set-Cookie "^(JSESSIONID.*);.*$" "$1; path=/; domain=theeducationcenter.com"
</IfModule>

The problem with this approach is I can't match zzz.domain.com, if I only want to have domain reset when xxx.domain.com and yyy.domain.com not zzz.domain.com

2)
RewriteCond %{HTTP_COOKIE} JSESSIONID=(.*) [NC]
RewriteRule .* - [CO=JSESSIONID:%1:.theeducationcenter.com]

The same thing, I can't find out how to match domain in RewriteCond to say not when domain is zzz.domain.com

Another problem with second approach is that it will create another JSESSIONID at domain.com instead of overwrite JESSIONID at xxx.domain.com, so I end up with two JESSIONID cookies

Thanks.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mccarlIT Business Systems Analyst / Software DeveloperCommented:
Are you using Tomcat (behind Apache) to host the application? Do you have access to modify the web application?

If so, you can add a file "META-INF/context.xml" that contains the below... (note: in your project, META-INF should be in the same directory as your WEB-INF)
<?xml version="1.0" encoding="UTF-8"?>
<Context sessionCookieDomain=".domain.com"/>

Open in new window

Note: if the "META-INF/context.xml" file already exists, just add the above attribute to the <Context> element that will already be there.
0
mccarlIT Business Systems Analyst / Software DeveloperCommented:
You are trying to close this request by accepting your own comment. This is fine but the comment has no information about how your problem is solved, it was just a comment listing 2 things you had tried and why neither of those 2 things are acceptable. But now you say that it's solved.

Please leave a comment about exactly how your problem was solved and then you can accept that as the answer. Otherwise you should award points to any answers that have helped you.
0
xiaoyunwuAuthor Commented:
this solves
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.