Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/03/10 13:54:16 UTC
svn commit: r921331 - in /tomcat/trunk: java/org/apache/catalina/
java/org/apache/catalina/connector/ java/org/apache/catalina/core/
webapps/docs/config/
Author: markt
Date: Wed Mar 10 12:54:16 2010
New Revision: 921331
URL: http://svn.apache.org/viewvc?rev=921331&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48258 for TC7
Allow the session cookie domain to be overridden by context configuration, in the same way that httpOnly can be
Based on a patch by Donn Aiken
Modified:
tomcat/trunk/java/org/apache/catalina/Context.java
tomcat/trunk/java/org/apache/catalina/connector/Request.java
tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/webapps/docs/config/context.xml
Modified: tomcat/trunk/java/org/apache/catalina/Context.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Context.java?rev=921331&r1=921330&r2=921331&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/Context.java (original)
+++ tomcat/trunk/java/org/apache/catalina/Context.java Wed Mar 10 12:54:16 2010
@@ -175,6 +175,7 @@ public interface Context extends Contain
*/
public void setCookies(boolean cookies);
+
/**
* Gets the value of the use HttpOnly cookies for session cookies flag.
*
@@ -192,6 +193,25 @@ public interface Context extends Contain
*/
public void setUseHttpOnly(boolean useHttpOnly);
+
+ /**
+ * Gets the domain to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @return The value of the default session cookie domain or null if not
+ * specified
+ */
+ public String getSessionCookieDomain();
+
+
+ /**
+ * Sets the domain to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @param sessionCookieDomain The domain to use
+ */
+ public void setSessionCookieDomain(String sessionCookieDomain);
+
/**
* Return the "allow crossing servlet contexts" flag.
*/
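Review bot: The Javadoc on the new getSessionCookieDomain/setSessionCookieDomain pair does not say what passing null to the setter means, nor that the value decides which hosts receive the session ID. On the setter I would add `Pass <code>null</code> to leave the domain under the application's control.` and `A parent domain makes browsers send the session cookie to every host under that domain, so set it only when all of those hosts are trusted.` The same Javadoc is copied onto the StandardContext getter and setter later in this commit and would take the same wording. The Context interface begins and ends outside this hunk.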
Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=921331&r1=921330&r2=921331&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Wed Mar 10 12:54:16 2010
@@ -2279,7 +2279,8 @@ public class Request
secure,
context.getUseHttpOnly(),
response.getConnector().getEmptySessionPath(),
- context.getEncodedPath());
+ context.getEncodedPath(),
+ context.getSessionCookieDomain());
response.addCookie(newCookie);
}
}
@@ -2560,7 +2561,8 @@ public class Request
isSecure(),
context.getUseHttpOnly(),
connector.getEmptySessionPath(),
- context.getEncodedPath());
+ context.getEncodedPath(),
+ context.getSessionCookieDomain());
response.addCookieInternal(cookie);
}
Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java?rev=921331&r1=921330&r2=921331&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java Wed Mar 10 12:54:16 2010
@@ -112,10 +112,12 @@ public class ApplicationSessionCookieCon
* @param httpOnly Should session cookie be configured as httpOnly
* @param emptyPath Should session cookie be configured with empty path
* @param contextPath Context path to use if required
+ * @param domain Domain to use for the session cookie. If null, use the
+ * domain specified by the scc parameter.
*/
public static Cookie createSessionCookie(SessionCookieConfig scc,
String sessionId, boolean secure, boolean httpOnly,
- boolean emptyPath, String contextPath) {
+ boolean emptyPath, String contextPath, String domain) {
// Session config can over-ride default name
String cookieName = scc.getName();
@@ -127,9 +129,14 @@ public class ApplicationSessionCookieCon
// Just apply the defaults.
cookie.setMaxAge(scc.getMaxAge());
cookie.setComment(scc.getComment());
- // Avoid possible NPE
- if (scc.getDomain() != null) {
- cookie.setDomain(scc.getDomain());
+
+ if (domain == null) {
+ // Avoid possible NPE
+ if (scc.getDomain() != null) {
+ cookie.setDomain(scc.getDomain());
+ }
+ } else {
+ cookie.setDomain(domain);
}
// Always set secure if the request is secure
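Review bot: The new `domain == null` test treats an empty string as a configured value, so a context declared with `sessionCookieDomain=""` would reach `cookie.setDomain("")` and discard the application's own domain; whether the configuration layer can deliver an empty string is not visible here, so that path is inferred. Treating empty the same as unset closes it: `if (domain == null || domain.length() == 0) {`. The configured value is also handed to the cookie without any check, so the only guard against an over-broad domain is whoever edits the context configuration; a short comment above the `else` branch saying so would help the next reader. Normalising in StandardContext.setSessionCookieDomain instead would work equally well. createSessionCookie starts and ends outside this hunk.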
Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=921331&r1=921330&r2=921331&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Wed Mar 10 12:54:16 2010
@@ -716,11 +716,20 @@ public class StandardContext
*/
private boolean saveConfig = true;
+
/**
* The flag that indicates that session cookies should use HttpOnly
*/
private boolean useHttpOnly = true;
+
+ /**
+ * The domain to use for session cookies. <code>null</code> indicates that
+ * the domain is controlled by the application.
+ */
+ private String sessionCookieDomain;
+
+
/**
* The Jar scanner to use to search for Jars that might contain
* configuration information such as TLDs or web-fragment.xml files.
@@ -1272,7 +1281,31 @@ public class StandardContext
}
-
+ /**
+ * Gets the domain to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @return The value of the default session cookie domain or null if not
+ * specified
+ */
+ public String getSessionCookieDomain() {
+ return sessionCookieDomain;
+ }
+
+
+ /**
+ * Sets the domain to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @param sessionCookieDomain The domain to use
+ */
+ public void setSessionCookieDomain(String sessionCookieDomain) {
+ String oldSessionCookieDomain = this.sessionCookieDomain;
+ this.sessionCookieDomain = sessionCookieDomain;
+ support.firePropertyChange("sessionCookieDomain",
+ oldSessionCookieDomain, sessionCookieDomain);
+ }
+
/**
* Return the "allow crossing servlet contexts" flag.
Modified: tomcat/trunk/webapps/docs/config/context.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/context.xml?rev=921331&r1=921330&r2=921331&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/trunk/webapps/docs/config/context.xml Wed Mar 10 12:54:16 2010
@@ -237,6 +237,13 @@
on demand.</p>
</attribute>
+ <attribute name="sessionCookieDomain" required="false">
+ <p>The domain to be used for all session cookies created for this
+ context. If set, this overrides any domain set by the web application.
+ If not set, the value specified by the web application, if any, will be
+ used.</p>
+ </attribute>
+
<attribute name="wrapperClass" required="false">
<p>Java class name of the <code>org.apache.catalina.Wrapper</code>
implementation class that will be used for servlets managed by this