Don't use domain based cookie
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 12:50:23 +0000 (12:50 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 12:50:23 +0000 (12:50 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2550 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
src/edu/internet2/middleware/shibboleth/idp/session/IdPSessionFilter.java

index 5148da6..24fc8c0 100644 (file)
@@ -344,7 +344,6 @@ public class AuthenticationEngine extends HttpServlet {
 
         LOG.debug("Adding IdP session cookie to HTTP response");
         Cookie sessionCookie = new Cookie(IDP_SESSION_COOKIE_NAME, userSession.getSessionID());
-        sessionCookie.setDomain(httpRequest.getLocalName());
         sessionCookie.setPath(httpRequest.getContextPath());
         sessionCookie.setSecure(false);
 
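Review bot: The session cookie is still created with `sessionCookie.setSecure(false)`, on the context line just below the removed `setDomain` call, so the browser will also send the IdP session identifier on any plain-HTTP request to this host and path. For a cookie that stands in for an authenticated IdP session, the flag should follow the transport, e.g. `sessionCookie.setSecure(httpRequest.isSecure());`, or be `true` outright if the IdP is only ever served over HTTPS. If a fixed `false` is deliberate (for example, TLS terminated upstream), a comment saying so would keep the next reader from having to guess. The enclosing method starts and ends outside this hunk, so any later change to the cookie before it is added to the response is not visible here.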
index 4584d75..f380851 100644 (file)
@@ -87,11 +87,9 @@ public class IdPSessionFilter implements Filter {
         log.debug("Attempting to retrieve IdP session cookie.");
         Cookie[] requestCookies = request.getCookies();
 
-        String thisDomain = "."+ request.getLocalName();
-        log.debug("THis domain is {}" + thisDomain);
         if (requestCookies != null) {
             for (Cookie requestCookie : requestCookies) {
-                if (DatatypeHelper.safeEquals(requestCookie.getDomain(), thisDomain)
+                if (DatatypeHelper.safeEquals(requestCookie.getDomain(), request.getLocalName())
                         && DatatypeHelper.safeEquals(requestCookie.getPath(), request.getContextPath())
                         && DatatypeHelper.safeEquals(requestCookie.getName(), AuthenticationEngine.IDP_SESSION_COOKIE_NAME)) {
                     log.debug("Found IdP session cookie.");
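Review bot: The lookup still requires `requestCookie.getDomain()` to equal `request.getLocalName()`, but AuthenticationEngine no longer sets a domain after this commit, and browsers generally send only name=value pairs in the `Cookie` header, so `getDomain()` and `getPath()` on request cookies are typically null. If `DatatypeHelper.safeEquals` treats null and a non-null string as unequal (its implementation is not shown here), this condition will not match and the session cookie is never found. These attributes are also client-supplied, so comparing them adds no protection; I would select the cookie by name only, `if (DatatypeHelper.safeEquals(requestCookie.getName(), AuthenticationEngine.IDP_SESSION_COOKIE_NAME)) {`, and rely on looking the value up as a session ID to decide whether it is valid. The loop body continues past the end of this hunk.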