You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Vijay Narayanan <vi...@gmail.com> on 2009/11/12 19:24:21 UTC
Modifying session cookie properties
Hi,
I am using Tomcat 6.0.20 and JDK 1.6. I am trying to find out if there is a
way to set cookie domain (to .mycompany.com) and cookie parameter name (from
jsessionid to abcjsessionid).
I created a setenv.bat with the following line to set the system property
for changing session cookie name (based on docs
http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html): SET
JAVA_OPTS=-Dorg.apache.
catalina.SESSION_COOKIE_NAME=abcjsession
This works fine and i do see the session cookie name is named abcjsession.
However, I am not able to figure out how to set the domain name to a custom
value (e.g. .mycompany.com).
In Weblogic these settings are specified in the weblogic.xml file and we are
trying to find the tomcat equivalent:
<session-descriptor>
<session-param>
<param-name>CookieName</param-name>
<param-value>abcjsession</param-value>
</session-param>
<session-param>
<param-name>CookieDomain</param-name>
<param-value>.mycompany.com</param-value>
</session-param>
</session-descriptor>
Can anyone please guide if there is a way to set cookie domain name?
thanks!
Vijay
Re: Modifying session cookie properties
Posted by Vijay Narayanan <vi...@gmail.com>.
Thanks a lot for these suggestions Chris. We are not using single sign-on. I
will explore the Valve option you have suggested.
thanks!
Vijay
On Thu, Nov 12, 2009 at 5:24 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Vijay,
>
> On 11/12/2009 1:24 PM, Vijay Narayanan wrote:
> > However, I am not able to figure out how to set the domain name to a
> custom
> > value (e.g. .mycompany.com).
>
> A quick look through the 6.0.20 source code seems to indicate that
> Tomcat does not set the domain at all for regular JSESSIONID cookies,
> though you do have some measure of control over SSO cookies. Are you
> using single-sign-on?
>
> Assuming you are not using SSO, I don't think there is any Tomcat
> configuration to adjust the domain name, here, but you still have options.
>
> You could write a valve that wraps the response to intercept any
> addCookie calls and re-write the domain for any using
> SESSION_COOKIE_NAME as the cookie name.
>
> Or, you could hack org/apache/catalina/connector/Request.java to do that
> for you. You could even hack that class to use a new system property
> (say, SESSION_COOKIE_DOMAIN) if it exists and then submit a patch for
> inclusion into the Tomcat source.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkr8izoACgkQ9CaO5/Lv0PCvhACeKiNBzRIgTlSv9GNN//9CS011
> 1uMAoIxshpwVvH8g8/vDxZuE7xzuGU+G
> =HJQT
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Modifying session cookie properties
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Vijay,
On 11/12/2009 1:24 PM, Vijay Narayanan wrote:
> However, I am not able to figure out how to set the domain name to a custom
> value (e.g. .mycompany.com).
A quick look through the 6.0.20 source code seems to indicate that
Tomcat does not set the domain at all for regular JSESSIONID cookies,
though you do have some measure of control over SSO cookies. Are you
using single-sign-on?
Assuming you are not using SSO, I don't think there is any Tomcat
configuration to adjust the domain name, here, but you still have options.
You could write a valve that wraps the response to intercept any
addCookie calls and re-write the domain for any using
SESSION_COOKIE_NAME as the cookie name.
Or, you could hack org/apache/catalina/connector/Request.java to do that
for you. You could even hack that class to use a new system property
(say, SESSION_COOKIE_DOMAIN) if it exists and then submit a patch for
inclusion into the Tomcat source.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkr8izoACgkQ9CaO5/Lv0PCvhACeKiNBzRIgTlSv9GNN//9CS011
1uMAoIxshpwVvH8g8/vDxZuE7xzuGU+G
=HJQT
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org