You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by "Brane F. Gračnar" <bf...@najdi.si> on 2009/04/06 18:05:00 UTC
[PATCH]: configurable session cookie domain (subdomain session support)
Hello :)
We needed subdomain session cookie support for our java webapp; currently
there is no way to configure cookie domain attribute in tomcat <= 6.0.18.
This patch adds this functionality. Cookie domain can be specified as Manager
property (default null == turned off) in conf/context.xml or on per webapp
context property (conf/<engine_name>/<vhost>/appname.xml or
META-INF/context.xml).
--- snip ---
<Context override="true">
<Manager cookieDomain=".example.org" />
</Context>
--- snip ---
Webapp will then issue session cookies in the following form:
JSESSIONID=D29B85A0D5E3AADA7DAA2B8DE660B0B3; Domain=.example.org; Path=/
Browser will send this cookie to sites www.example.org, subsite.example.org,
etc...
This functionality is already implemented in Resin and Jetty.
How to use/apply:
svn co http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_18
cd TOMCAT_6_0_18
patch -p0 < /path/to/tomcat-6.0.18-subdomain-session-cookie.patch
ant download
ant
Best regards, Brane
Re: [PATCH]: configurable session cookie domain (subdomain session
support)
Posted by Rainer Jung <rj...@apache.org>.
On 07.04.2009 00:46, Brane F. Gračnar wrote:
> On Monday 06 April 2009 18:19:26 Mark Thomas wrote:
>> It would also be a good idea to
>> include an update to the documentation in your patch.
>
> I know that this is a stupid question, but i don't have any idea which files
> to update :)
http://marc.info/?l=tomcat-user&m=123729925416509&w=2
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [PATCH]: configurable session cookie domain (subdomain session support)
Posted by "Brane F. Gračnar" <bf...@najdi.si>.
On Monday 06 April 2009 18:19:26 Mark Thomas wrote:
> Please create a bugzilla entry for this and attach the patch there so it
> doesn't get lost.
Done.
> To keep this consistent with httpOnly, this should be configured at the
> Context level rather than the manager.
Ok, this makes sense. I'll try to push this somewhere in context and i'll try
to create another patch.
> It would also be a good idea to
> include an update to the documentation in your patch.
I know that this is a stupid question, but i don't have any idea which files
to update :)
If all mentioned criterias will be met, are there any chances to push this
into future releases of 6.0.x?
Best regards, Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [PATCH]: configurable session cookie domain (subdomain session
support)
Posted by Mark Thomas <ma...@apache.org>.
Brane F. Grac(nar wrote:
> Hello :)
>
> We needed subdomain session cookie support for our java webapp; currently
> there is no way to configure cookie domain attribute in tomcat <= 6.0.18.
>
> This patch adds this functionality. Cookie domain can be specified as Manager
> property (default null == turned off) in conf/context.xml or on per webapp
> context property (conf/<engine_name>/<vhost>/appname.xml or
> META-INF/context.xml).
Please create a bugzilla entry for this and attach the patch there so it
doesn't get lost.
To keep this consistent with httpOnly, this should be configured at the
Context level rather than the manager. It would also be a good idea to
include an update to the documentation in your patch.
Mark
>
> --- snip ---
> <Context override="true">
> <Manager cookieDomain=".example.org" />
> </Context>
> --- snip ---
>
> Webapp will then issue session cookies in the following form:
>
> JSESSIONID=D29B85A0D5E3AADA7DAA2B8DE660B0B3; Domain=.example.org; Path=/
>
> Browser will send this cookie to sites www.example.org, subsite.example.org,
> etc...
>
> This functionality is already implemented in Resin and Jetty.
>
> How to use/apply:
> svn co http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_18
> cd TOMCAT_6_0_18
> patch -p0 < /path/to/tomcat-6.0.18-subdomain-session-cookie.patch
> ant download
> ant
>
> Best regards, Brane
>
>
> ------------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org