[GLASSFISH-20710] Set domain for sso-cookie. Created: 18/Jul/13  Updated: 24/Apr/14

Status: Open
Project: glassfish
Component/s: web_container
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major
Reporter: pljosh Assignee: Dhiru Pandey
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


Tags: cookie, domain, sso, sso-cookie


There is no way to set domain for sso-cookie.

I have tried hacking by intercepting response#addCookie, response#addHeader or any other possible method, but the org.apache.catalina.authenticator.AuthenticatorBase is not provided with my wrapped ServletResponse.

Comment by pljosh [ 20/Jul/13 ]

Here is my (ugly) workaround:

private void setupSsoCookieDomain(HttpServletResponse response) {
    if (domainName == null || domainName.indexOf('.') == -1) {
    boolean first = true;
    for (String cookie : response.getHeaders("Set-Cookie")) {
        if (cookie.startsWith(SSO_COOKIE_NAME) && !cookie.contains("Domain")) {
            //insert Domain=.domain to apply cookie for any subdomain
            cookie = cookie.replace("Path=", "Domain=." + domainName + "; Path=");
        if (first) {
            response.setHeader("Set-Cookie", cookie);
        } else {
            response.addHeader("Set-Cookie", cookie);
        first = false;
Generated at Mon Mar 27 12:42:03 UTC 2017 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.