[cas-dev] ticketGrantingTicketCookieGenerator cookieDomain setting in clustered environment
Scott Battaglia
scott.battaglia at gmail.com
Mon Nov 5 12:02:24 EST 2007
Lee,
I didn't write the Clustering CAS document so I can't comment on that
person's specific need for setting the cookie domain a certain way.
If your CAS servers are all behind a single load balancer / content switch
then they all appear to be the same domain, and thus the cookie domain does
not need to be modified.
If your servers are set up as cas1.cas.domain.com, cas2.cas.domain.com,
cas3.cas.domain.com then the settings may need to be modified. I recommend
fronting with a load balancer/content switch to reduce the chances that an
incorrect configuration setting could expose the cookie to more domains.
-Scott
On 11/5/07, Lee Braddock <lee.braddock at ccci.org> wrote:
>
> Scott,
>
>
>
> I am unclear as to why I would need to set the bean id
> ticketGrantingTicketCookieGenerator cookieDomain when running cas in a
> clustered environment (as is stated by this wiki page:
> http://www.ja-sig.org/wiki/display/CASUM/Clustering+CAS).
>
>
>
> If the load balancer that 'fronts' the cluster sends the http response
> with the same domain name regardless of which cas server clustered node
> provided the response, would not the browser set the cookie domain to the
> correct value by default (i.e. without our having to set it, as in
> above)? And would not the browser then always send that cookie back to that
> domain from whence it came, specifically the load balancer itself and then,
> in turn, onto some cas server node in the cluster?
>
>
>
> Please clarify.
>
>
>
> Thanks.
>
>
>
> *Lee Braddock*
>
> *Sr. Applications Developer*
>
> *Enterprise** Framework*
>
> *ITG Applications *
>
> *Campus Crusade for Christ*
>
> *407-826-2166 office*
>
> http://itg.ccci.org
>
>
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20071105/d6506e8c/attachment.html
More information about the cas-dev
mailing list