I am adding cookies using response.addCookie and then redirecting using response.sendRedirect to a URL in a different domain. The cookie path is already set to "/".

// Obtain the servlet response behind the current JSF request
HttpServletResponse response = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();
response.addCookie(cookie);
// Redirect to a page on a different domain
response.sendRedirect("http://different.domain.com/xyz.xhtml");

I observed in debug mode, inspecting the response objects at each level, that the cookies are lost before calling the "xhtml" page itself.

I'm using Tomcat 7.0.26, JDK 1.7 and JSF 2.0.

BalusC
Santhosh
  • There is a similar question and the answer here - http://stackoverflow.com/questions/1621499/why-cant-i-set-a-cookie-and-redirect – ramp Jan 22 '15 at 06:59

1 Answer

This is a security violation. You can't set response cookies for a different domain than the one to which the request was sent. You can at most share cookies between different subdomains like foo.example.com and bar.example.com by setting the cookie domain to .example.com, with the leading period.

Look for another solution for the functional requirement you had in mind. A commonly used one is sending a long unique autogenerated value as a "token" as a request parameter in the redirect URL.

BalusC
  • Thanks BalusC, currently that's the way it's coded. The strange behavior is that these cookies are present if I deploy the same application on a WAS server, and I'm losing them on Tomcat servers :( – Santhosh Jan 22 '15 at 18:30
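
The token handoff suggested in the answer, sketched as an added example that is not code from the question, the answer or any library: the sending application issues a random single-use token and puts it in the redirect URL, and the receiving application redeems it. The class and method names (HandoffTokens, issue, redirectUrl, redeem) are hypothetical, and the in-memory map is an assumption standing in for a store that both applications can reach.

```java
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (hypothetical class): one-time handoff token carried in the redirect URL.
public class HandoffTokens {
    private static final class Entry {
        final String userId;
        final long expiresAtMillis;
        Entry(String u, long t) { userId = u; expiresAtMillis = t; }
    }

    private static final SecureRandom RNG = new SecureRandom();
    // Assumption: stands in for a store both applications can reach (database, shared cache).
    private final Map<String, Entry> store = new ConcurrentHashMap<>();

    // Sending side: create a 256-bit random token bound to the user, valid for ttlSeconds.
    public String issue(String userId, long ttlSeconds) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        StringBuilder hex = new StringBuilder(64);
        for (byte b : raw) {
            hex.append(String.format("%02x", b));
        }
        store.put(hex.toString(), new Entry(userId, System.currentTimeMillis() + ttlSeconds * 1000));
        return hex.toString();
    }

    // Sending side: builds the value to pass to response.sendRedirect(...).
    public static String redirectUrl(String base, String token) throws Exception {
        return base + "?token=" + URLEncoder.encode(token, "UTF-8");
    }

    // Receiving side: remove() makes the token single-use; unknown or expired tokens give null.
    public String redeem(String token) {
        Entry e = (token == null) ? null : store.remove(token);
        return (e != null && System.currentTimeMillis() < e.expiresAtMillis) ? e.userId : null;
    }

    public static void main(String[] args) throws Exception {
        HandoffTokens tokens = new HandoffTokens();
        String token = tokens.issue("user-42", 60); // constructed sample user id
        System.out.println(redirectUrl("http://different.domain.com/xyz.xhtml", token));
        System.out.println("first redeem:  " + tokens.redeem(token));
        System.out.println("second redeem: " + tokens.redeem(token)); // token already consumed
    }
}
```

Because the token travels in the URL, it can end up in browser history, proxy logs and Referer headers, so keep its lifetime short and serve both ends over HTTPS.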