问题
If you want ColdFusion to create your session cookie as a domain level cookie e.g. .bar.com rather than foo.bar.com then you can configure that in the jrun-web.xml:-
<session-config>
<cookie-config>
<active>true</active>
<cookie-domain>.bar.com</cookie-domain>
</cookie-config>
<persistence-config>
<active>false</active>
</persistence-config>
</session-config>
However, this is an instance wide setting so if you want to run two applications on that instance or indeed one application with or more different top-level domains then one of them will have sessions that do not work.
Is there a way to add multiple domains to the jrun-web.xml and have it pick the relevant one?
Thanks.
回答1:
I managed to find the DTD for jrun-web.xml (the link @ the top points to a defunct Macromedia URL).
This specifies that there can be only one <cookie-domain> node in the XML. I've also tested a list of domain names, eg:
<cookie-domain>.domainA.com,.domainB.com</cookie-domain>
And that doesn't work either.
Not an absolute answer, but I suspect that it's possibly not possible (!), and it's certainly not possible via jrun-web.xml (which I guess answers one of your questions at least).
回答2:
<cfapplication
setdomaincookies=yes
.....>
This will set your cfid and cftoken cookies as domain cookies (*.bar.com) rather than the host-specific values (foo.bar.com).
CFApplication (see the section on setDomainCookies)
回答3:
I think you could use <CFHEADER> to set domain cookies instead of <CFCOOKIE>?
回答4:
I think if you name your application with the cgi.server_name variable, and each of your sites uses the same application.cfc or application.cfm file, then your session and cookie variables will be properly scoped for each individual site. For example:
<cfapplication name="#cgi.server_name#" sessionmanagement="YES" clientmanagement="YES" sessiontimeout="#CreateTimeSpan(1,0,0,0)#" applicationtimeout="#CreateTimeSpan(1,0,0,0)#" clientstorage="COOKIE" setclientcookies="YES">
来源:https://stackoverflow.com/questions/9293350/domain-level-session-cookie-on-multiple-domains