I have a web application which is hosted at https://example.com. I would like to share a session cookie between the main domain https://example.com and sub-domain https://www.example.com. Thus, there should be no need for a user to re-login if they switch from one domain to another. How do I achieve this in springboot 2.2.6?
This is what I have tried: I went to application.properties and set server.servlet.session.cookie.domain=.example.com Now, this does not help. I get an error:
java.lang.IllegalArgumentException: An invalid domain [.example.com] was specified for this cookie
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:210) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:145) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
at org.apache.catalina.connector.Response.generateCookieString(Response.java:973) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
If I set server.servlet.session.cookie.domain=example.com, then the cookie is not visible for http://www.example.com and if I set server.servlet.session.cookie.domain=www.example.com, then the cookie is not visible for http://example.com
I have read discussions about Rfc6265CookieProcessor and LegacyCookieProcessor, but I don't know the right way to fix this issue.
Springboot 2.2.6 uses tomcat version 9.0.*
So, how do I fix this issue?
EDIT:
I was trying the above changes on localhost only and not on production. Instead of accessing http://www.example.com, I was doing https://www.localhost and instead of accessing http://example.com, I was doing http://localhost