[xwiki-users] Cookie domains

Hello! I'm slowly implementing my intentions: http://mid.gmane.org/loom.20100612T141011-881%40post.gmane.org The problem I have noticed is that I can't login currently. Login page is located on http://wiki.x.metrolace.ru/ (wiki.x is ugly, I'll fix it later) and the headers look like this when I'm logging in: Set-Cookie: username="GpCybk1DvZRGHYktowzcuA__"; Version=1; Max-Age=1296000; Expires=Fri, 09-Jul-2010 17:54:46 GMT; Path=/; HttpOnly I can see no domain here despite I have set xwiki.authentication.cookiedomains=.metrolace.ru I have also tried xwiki.authentication.cookiedomains=metrolace.ru, it didn't work. As a consequence, the cookie is only valid on wiki.x.metrolace.ru, but not on e. g. http://photos.metrolace.ru/ I guess this is an effect of security improvement in 2.4M1: Added support for HttpOnly flag for session cookies (XSS protection measure) It was mentioned that it required manual headers composing, and domains might have been forgot when writing from scratch. Is it a bug or maybe I'm missing something? -- If you want to get to the top, you have to start at the bottom