Sxyntheon
commented
9 months ago I thnik the reason for that is a change in the specification. RCF 6256 specifies that leading dots are ignored. All subdomains SHOULD be included if the domain attribute is set. So the problem here is, why isn´t the cookie sent to the api?
Currently the JSESSIONID cookie is assigned to "theschedule.de", which excludes the api server (api.theschedule.de) from accessing it. The correct way to make it accessible to both subdomains is settings the cookie domain to ".theschedule.de", but for some reason just setting this domain in the document.cookie string doesn't work