Best way for allowing subdomain session cookies using Tomcat

Question

By default tomcat will create a session cookie for the current domain.

If you are on www.example.com, your cookie will be created for www.example.com (will only work

Answer 1

The valve techniques do not seem to be 100% perfect. If you dare to modify Tomcat itself:

catalina.jar contains the following class: org.apache.catalina.connector.Request

The Request has a method:

configureSessionCookie(Cookie cookie)

For our environment it was best to just hardcode it, but you could do more fancy logic:

cookie.setDomain(".xyz.com");

Seems to work perfectly. Would be nice if this was configurable in tomcat.