I just spent all day trying to find a app-server-agnostic workaround for this. Failing that, I decided to re-investigate your cookieDomain idea. I got it working. It needed to be in sun-web.xml instead of web.xml. Here's my full file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD
Application Server 9.0 Servlet 2.5//EN'
'
http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd'>
<sun-web-app>
<session-config>
<cookie-properties>
<property name="cookieDomain" value=".mysite.com"/>
</cookie-properties>
</session-config>
</sun-web-app>
[Message sent by forum member 'onlyplastik' (onlyplastik)]
http://forums.java.net/jive/thread.jspa?messageID=344378