Technical notes for using domain cookies with virtual hosts
When you are using domain cookies with virtual hosts, consider the following points.
- Security warning! It is possible for an untrusted host to exist among the collection of hosts for a specific domain.
- To use domain cookies, all virtual hosts must be in the same DNS domain.
- You can do single sign-on across virtual host junctions in the same WebSEAL instance with WebSEAL alone. Alternatively, you can configure a distributed session cache environment to do single sign-on across virtual host junctions, which can be distributed across WebSEAL instances.
- If you are using the distributed session cache to achieve single sign-on across virtual host junctions, you must not enable the shared-domain-cookie configuration item. Enable the configuration in the WebSEAL [session] stanza.
- See Single signon in a replica set.
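
The security warning and the same-DNS-domain requirement above can be checked against a host inventory. The following is an added example, not IBM or WebSEAL code: it applies the RFC 6265 domain-matching rule that browsers use to decide which hosts receive a domain cookie. All host names and the `audit` helper are constructed for illustration.

```python
# Added example: which hosts receive a domain cookie (RFC 6265, section 5.1.3).
import ipaddress


def domain_match(host: str, cookie_domain: str) -> bool:
    """Return True if a browser would send a Domain=cookie_domain cookie to host."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)  # IP literals never suffix-match a domain
        return False
    except ValueError:
        pass
    # The label boundary matters: "badexample.com" must not match "example.com".
    return host.endswith("." + domain)


def audit(cookie_domain, virtual_hosts, known_hosts):
    """Report virtual hosts the cookie cannot reach, and hosts in the
    domain that are not virtual hosts but will receive the cookie anyway."""
    vhosts = {h.lower() for h in virtual_hosts}
    unreachable = sorted(h for h in vhosts if not domain_match(h, cookie_domain))
    unintended = sorted(
        h.lower() for h in known_hosts
        if h.lower() not in vhosts and domain_match(h, cookie_domain)
    )
    return {"unreachable_virtual_hosts": unreachable,
            "unintended_recipients": unintended}


# Constructed sample inventory (hypothetical names, not from the product docs).
COOKIE_DOMAIN = "example.com"
VIRTUAL_HOSTS = ["app1.example.com", "app2.example.com", "portal.example.org"]
KNOWN_HOSTS = VIRTUAL_HOSTS + [
    "wiki.example.com",     # in the domain, not fronted by the proxy
    "dev.lab.example.com",  # deeper subdomains also match
    "badexample.com",       # shares a suffix string but not a label boundary
    "192.0.2.10",
]

if __name__ == "__main__":
    for finding, hosts in audit(COOKIE_DOMAIN, VIRTUAL_HOSTS, KNOWN_HOSTS).items():
        print(f"{finding}: {hosts}")
```

Any host listed under `unintended_recipients` receives the session cookie on every request, so each one must be as trusted as the virtual hosts themselves.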