You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Simon Lau <si...@tradeeasy.com> on 2005/02/05 04:49:39 UTC

Re: apache + tomcat with 2 domains but same session?

Just want you guys to know that I have found a solution for my problem.

I have to change the source code in tomcat to get this to work.
Here is what I've done:
In source org.apache.coyote.tomcat5.CoyoteRequest line 2313 (btw, I am using
tomcat5.0.28 source) I added
          cookie.setDomain(".abc.com"); // beware of the leading dot
compile the source and replace the new catalina.jar into my tomcat
server/lib directory.

I am now able to switch between both
http://aaa.abc.com/myapp/index.jsp
http://bbb.abc.com/myapp/index.jsp
and the session persists !!!

I wonder why the web.xml file in conf/ didn't provide such an option for us
to set more cookie options.
As for now, I can only set session-timeout in web.xml.
I suggest adding like cookie-domain
    <session-config>
        <session-timeout>30</session-timeout>
        <cookie-domain>.abc.com</cookie-domain>
    </session-config>
I know resin have such an option, see here
http://browserinsight2.lunaimaging.com:8090/ref/app-config.xtp#session-config

I am posting this to both user list and developer list, I hope someone in
the tomcat project will read it and implement this in the future.

Thanks everyone that have helped me though, means a lot.
Simon



----- Original Message ----- 
From: "Tim Funk" <fu...@joedog.org>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, January 12, 2005 8:43 PM
Subject: Re: apache + tomcat with 2 domains but same session?


> [I have a major sinus cold - so I might not be writing clearly ...]
>
> I don't think URL rewriting from apache mod_rewrite will solve your
problem.
> Tomcat maintains state with the session via a session cookie. The cookie
is
> fixed to the currnet domain name (not configurable) and the cookie is
fixed
> to the current webapp path(also not configurable).
>
> But the session cookie is the key to picking up the session. Since you are
> working in a differnet domain - the session cookie is not sent by the
client.
>
> But for clients that do not allow cookies, you can use url rewriting via
the
> servlet API. (See HttpResponse.encodeUrl()). This method detects whether
the
> client has sent the request and maintained state via a session cookie and
if
> a cookie was not used, the url is rewritten and encoded with a path
variable
> called jsessionid. (eg: foo.jsp;jsessionid=ABDDAAN9900)
>
> To get a session from aaa.com to work in bbb.com - you need to have a page
on
> aaa.com link to bbb.com with the URL containing the jessessionid path
parameter.
>
> -Tim
>
> Simon Lau wrote:
> > Tim, thanks for your help. but...
> > I have been following your suggestion and use mod_rewrite to rewrite
> > bbb.abc.com to aaa.abc.com.
> > Here is 3 scenarios:
> > 1)
> >    RewriteCond %{HTTP_HOST}          ^bbb\.(.*)$
> >    RewriteRule ^(.+)                 http://aaa.%1$1
> > Client access http://bbb.abc.com/myapp/index.jsp
> > Client brower address bar display http://aaa.abc.com/myapp/index.jsp
(but i
> > want http://bbb.abc.com/myapp/index.jsp instead)
> > Session persist, no problem
> >
> > 2)
> >    RewriteCond %{HTTP_HOST}          ^bbb\.(.*)$
> >    RewriteRule ^(.+)                 http://aaa.%1$1
[PT]
> > Client access http://bbb.abc.com/myapp/index.jsp
> > Client brower address bar display http://bbb.abc.com/myapp/index.jsp
> > Client brower display "400 Bad Request error"
> > mod_rewrite.log get "forcing 'http://aaa.abc.com/myapp/index.jsp' to get
> > passed through to next API URI-to-filename handler
> >
> > 3)
> >    RewriteCond %{HTTP_HOST}          ^bbb\.(.*)$
> >    RewriteRule ^(.+)                 http://aaa.%1$1
[P]
> > Client access http://bbb.abc.com/myapp/index.jsp
> > Client brower address bar display http://bbb.abc.com/myapp/index.jsp
> > Client brower display "Forbidden, You don't have permission to access
> > /myapp/index.jsp"
> > mod_rewrite.log get "forcing proxy-throughput with
> > http://aaa.abc.com/myapp/index.jsp"
> >
> > so all of these cases didn't give me the result i wanted.
> > the result i wanted is:
> > -Client access http://bbb.abc.com/myapp/index.jsp
> > -Client brower address bar display http://bbb.abc.com/myapp/index.jsp
> > -Session persist with http://aaa.abc.com/myapp/index.jsp
> >
> > Am i on the right track? or am i doing it totally wrong? or is there way
to
> > get around this?
> >
> > please help. thanks again.
> >
> > Simon
> >
> >
> > ----- Original Message ----- 
> > From: "Tim Funk" <fu...@joedog.org>
> > To: "Tomcat Users List" <to...@jakarta.apache.org>
> > Sent: Tuesday, January 11, 2005 7:44 PM
> > Subject: Re: apache + tomcat with 2 domains but same session?
> >
> >
> >
> >>You can get away with this by using URL rewriting. When you are using
> >>aaa.abc.com and wish to redirect or link to bbb.abc.com - you would need
> >
> > to
> >
> >>rewrite the URL to include the jsessionid path parameter. But you
*cannot*
> >
> > do
> >
> >>this via response.encodeURL(..) since that method will detect your URL
is
> >
> > in
> >
> >>another webapp. So you will need to write your own implementation of
> >>encodeURL to achieve this.
> >>
> >>-Tim
> >>
> >>Simon Lau wrote:
> >>
> >>>Hi,
> >>>
> >>>I want to setup my apache to have 2 domains, say aaa.abc.com and
> >>>bbb.abc.com.
> >>>Both of this domain goes to the same application context, say /myapp
> >>>So when i access both
> >>>http://aaa.abc.com/myapp/index.jsp
> >>>http://bbb.abc.com/myapp/index.jsp
> >>>will give me the exact same content, no problem.
> >>>
> >>>My question is how do i persist the session while i switch between
> >>>aaa.abc.com and bbb.abc.com?
> >>>For example i have a shopping basket storing with 2 products and i want
> >
> > to
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

Re: apache + tomcat with 2 domains but same session?

Posted by Yoav Shapira <yo...@MIT.EDU>.

Hi,
It's great for you that you have a solution, but it's not compatible with the
Servlet Spec and therefore can't be integrated into Tomcat.  It's not a Tomcat
bug, but rather your requirements that are in conflict with the Spec.

Yoav

Quoting Simon Lau <si...@tradeeasy.com>:

> 
> Just want you guys to know that I have found a solution for my problem.
> 
> I have to change the source code in tomcat to get this to work.
> Here is what I've done:
> In source org.apache.coyote.tomcat5.CoyoteRequest line 2313 (btw, I am using
> tomcat5.0.28 source) I added
>           cookie.setDomain(".abc.com"); // beware of the leading dot
> compile the source and replace the new catalina.jar into my tomcat
> server/lib directory.
> 
> I am now able to switch between both
> http://aaa.abc.com/myapp/index.jsp
> http://bbb.abc.com/myapp/index.jsp
> and the session persists !!!
> 
> I wonder why the web.xml file in conf/ didn't provide such an option for us
> to set more cookie options.
> As for now, I can only set session-timeout in web.xml.
> I suggest adding like cookie-domain
>     <session-config>
>         <session-timeout>30</session-timeout>
>         <cookie-domain>.abc.com</cookie-domain>
>     </session-config>
> I know resin have such an option, see here
> http://browserinsight2.lunaimaging.com:8090/ref/app-config.xtp#session-config
> 
> I am posting this to both user list and developer list, I hope someone in
> the tomcat project will read it and implement this in the future.
> 
> Thanks everyone that have helped me though, means a lot.
> Simon
> 
> 
> 
> ----- Original Message ----- 
> From: "Tim Funk" <fu...@joedog.org>
> To: "Tomcat Users List" <to...@jakarta.apache.org>
> Sent: Wednesday, January 12, 2005 8:43 PM
> Subject: Re: apache + tomcat with 2 domains but same session?
> 
> 
> > [I have a major sinus cold - so I might not be writing clearly ...]
> >
> > I don't think URL rewriting from apache mod_rewrite will solve your
> problem.
> > Tomcat maintains state with the session via a session cookie. The cookie
> is
> > fixed to the currnet domain name (not configurable) and the cookie is
> fixed
> > to the current webapp path(also not configurable).
> >
> > But the session cookie is the key to picking up the session. Since you are
> > working in a differnet domain - the session cookie is not sent by the
> client.
> >
> > But for clients that do not allow cookies, you can use url rewriting via
> the
> > servlet API. (See HttpResponse.encodeUrl()). This method detects whether
> the
> > client has sent the request and maintained state via a session cookie and
> if
> > a cookie was not used, the url is rewritten and encoded with a path
> variable
> > called jsessionid. (eg: foo.jsp;jsessionid=ABDDAAN9900)
> >
> > To get a session from aaa.com to work in bbb.com - you need to have a page
> on
> > aaa.com link to bbb.com with the URL containing the jessessionid path
> parameter.
> >
> > -Tim
> >
> > Simon Lau wrote:
> > > Tim, thanks for your help. but...
> > > I have been following your suggestion and use mod_rewrite to rewrite
> > > bbb.abc.com to aaa.abc.com.
> > > Here is 3 scenarios:
> > > 1)
> > >    RewriteCond %{HTTP_HOST}          ^bbb\.(.*)$
> > >    RewriteRule ^(.+)                 http://aaa.%1$1
> > > Client access http://bbb.abc.com/myapp/index.jsp
> > > Client brower address bar display http://aaa.abc.com/myapp/index.jsp
> (but i
> > > want http://bbb.abc.com/myapp/index.jsp instead)
> > > Session persist, no problem
> > >
> > > 2)
> > >    RewriteCond %{HTTP_HOST}          ^bbb\.(.*)$
> > >    RewriteRule ^(.+)                 http://aaa.%1$1
> [PT]
> > > Client access http://bbb.abc.com/myapp/index.jsp
> > > Client brower address bar display http://bbb.abc.com/myapp/index.jsp
> > > Client brower display "400 Bad Request error"
> > > mod_rewrite.log get "forcing 'http://aaa.abc.com/myapp/index.jsp' to get
> > > passed through to next API URI-to-filename handler
> > >
> > > 3)
> > >    RewriteCond %{HTTP_HOST}          ^bbb\.(.*)$
> > >    RewriteRule ^(.+)                 http://aaa.%1$1
> [P]
> > > Client access http://bbb.abc.com/myapp/index.jsp
> > > Client brower address bar display http://bbb.abc.com/myapp/index.jsp
> > > Client brower display "Forbidden, You don't have permission to access
> > > /myapp/index.jsp"
> > > mod_rewrite.log get "forcing proxy-throughput with
> > > http://aaa.abc.com/myapp/index.jsp"
> > >
> > > so all of these cases didn't give me the result i wanted.
> > > the result i wanted is:
> > > -Client access http://bbb.abc.com/myapp/index.jsp
> > > -Client brower address bar display http://bbb.abc.com/myapp/index.jsp
> > > -Session persist with http://aaa.abc.com/myapp/index.jsp
> > >
> > > Am i on the right track? or am i doing it totally wrong? or is there way
> to
> > > get around this?
> > >
> > > please help. thanks again.
> > >
> > > Simon
> > >
> > >
> > > ----- Original Message ----- 
> > > From: "Tim Funk" <fu...@joedog.org>
> > > To: "Tomcat Users List" <to...@jakarta.apache.org>
> > > Sent: Tuesday, January 11, 2005 7:44 PM
> > > Subject: Re: apache + tomcat with 2 domains but same session?
> > >
> > >
> > >
> > >>You can get away with this by using URL rewriting. When you are using
> > >>aaa.abc.com and wish to redirect or link to bbb.abc.com - you would need
> > >
> > > to
> > >
> > >>rewrite the URL to include the jsessionid path parameter. But you
> *cannot*
> > >
> > > do
> > >
> > >>this via response.encodeURL(..) since that method will detect your URL
> is
> > >
> > > in
> > >
> > >>another webapp. So you will need to write your own implementation of
> > >>encodeURL to achieve this.
> > >>
> > >>-Tim
> > >>
> > >>Simon Lau wrote:
> > >>
> > >>>Hi,
> > >>>
> > >>>I want to setup my apache to have 2 domains, say aaa.abc.com and
> > >>>bbb.abc.com.
> > >>>Both of this domain goes to the same application context, say /myapp
> > >>>So when i access both
> > >>>http://aaa.abc.com/myapp/index.jsp
> > >>>http://bbb.abc.com/myapp/index.jsp
> > >>>will give me the exact same content, no problem.
> > >>>
> > >>>My question is how do i persist the session while i switch between
> > >>>aaa.abc.com and bbb.abc.com?
> > >>>For example i have a shopping basket storing with 2 products and i want
> > >
> > > to
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> 
> 




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org