This content has been marked as final. Show 7 replies
It is generally not recommended to use response object in Sites-managed JSPs. You can use the satellite:cookie JSP tag to set a cookie, see the JSP tag reference at
If your code has been called from within a Sites-managed JSP then you can run the tag using ics.RunTag() method, see the javadoc at
I am trying to use satellite:cookie tag but its not working. Actually I need to pass this cookie to some other domain so I am trying it in below mentioned way:-
<satellite:cookie name="id" value='<%=jsessionid%>' timeout="100" secure="false" url="/B001/sitesinternet" domain="10.180.59.149"/>
but its not working.
If I remove domain attribute, then it works.
Am I doing anything wrong?
Could you have a kind of Cross-site scripting problem?
If you see the documentation about the tag:
Optional. Specify a valid domain name. This value restricts the sending of the cookie from the client to addresses in this domain only
Is the domain 10.180.59.149 the browser's domain in the url you are visiting?
I don't think its because of any cross site scripting problem.
Actually, Webcenter creates two cookies namely JSESSIONID, one of CAS and other for CS and I need to create one more cookie with same name i.e. JSESSIONID that I need to pass to a diff application that is running on a diff server whose IP address is 10.180.59.149.
Is there any way to do so??
You can't set cookies for another server's domain. That's against browser security policies. If you could do that you could build a site to hijack other people's sessions on any site you want: they visit your site; you set their session cookie for (for example) facebook.com to some fixed value; you now have access to their facebook session.
I hope this clarifies things.