You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Daniel M Garland <da...@titanemail.com> on 2007/10/01 12:12:49 UTC

Re: Tomcat jsessionid cookie across subdomain valve

Any thoughts? If this is OT anyone know an appropriate list to post to?

Daniel M Garland wrote:
> Hi all,
> 
> I have a web application that is installed on a virtual host that has a 
> number of subdomains defined with <Alias> elements in server.xml. We 
> would like cookie sessions persist to across these subdomains, and I 
> understand that this is not standard as defined in the servlet 
> specification. Therefore I am trying to write a custom Valve that 
> re-writes the domain on a Cookie to be ".mydomain.com", rather than 
> "www.mydomain.com". From searching the web to looking at what Daniel 
> Rall wrote for Tomcat 4 I have tried the invoke() method below in my 
> valve. Unfortunately, it doesn't seem to work; in my log I see the debug 
> output that tells me the domain is being set, but when I look at the 
> cookie in my Firefox web developer toolbar it says that the host of the 
> cookie is www.mydomain.com.
> 
> Has anyone got this to work in Tomcat 5.5.2? Why doesn't this code work 
> and can anybody tell me if there is anything else I need to change? From 
> what I can tell if this doesn't work my options are to edit Tomcat 
> sources or persuade the boss to get Resin (which supports this feature).
> 
> BTW I already have cookies="false" in my Context for the time being, its 
> OK as an interim measure but I'd prefer to have cookies sorted.
> 
> public void invoke(Request request, Response response) throws 
> IOException, ServletException
>    {
>       if(request instanceof HttpServletRequest &&
>          response instanceof HttpServletResponse &&
>          request.getCookies() != null)
>       {
>         HttpServletRequest httprequest = (HttpServletRequest) request;
>         HttpServletResponse httpresponse = (HttpServletResponse) response;
> 
>         boolean domainwasset = setDomainOnCookies(request.getCookies());
>         if(!domainwasset)
>         {
>            HttpSession session = httprequest.getSession();
>            if(session.isNew())
>            {
>                containerLog.info((session.isNew() ? "new" : "old") + " 
> session, requested ID="
>                      + httprequest.getRequestedSessionId() + ", actual 
> ID =" + session.getId());
> 
> 
>            Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME, 
> session.getId());
>            cookie.setMaxAge(-1);
> 
>            // Set the cookie path
>            String cookiepath = getCookiePath();
>            if(cookiepath == null || cookiepath.trim().length() == 0)
>            {
>                cookiepath = request.getContextPath();
>                if(cookiepath == null || cookiepath.trim().length() == 0)
>                {
>                   cookiepath = "/";
>                }
>            }
> 
>            if(httprequest.isSecure())
>            {
>              cookie.setSecure(true);
>            }
> 
>            cookie.setDomain(getCookieDomain());
>            containerLog.info("Adding cookie for "+ getCookieDomain());
>            httpresponse.addCookie(cookie);
>            }
>         }
> 
>       }
> 
>       // We're done, bring on the next valve
>       if(next != null)
>       {
>          next.invoke(request, response);
>       }
>    }
> 
>    private boolean setDomainOnCookies(Cookie[] cookies)
>    {
>       boolean domainset = false;
>       if(cookies != null)
>       {
>          for(Cookie c : cookies)
>          {
>             if(c != null && 
> c.getName().equals(Globals.SESSION_COOKIE_NAME))
>             {
>                containerLog.info("Setting cookie " + c.getName() +" to " 
> + getCookieDomain() + ", was " + c.getDomain());
>                c.setDomain(getCookieDomain());
>                domainset = true;
>             }
>          }
>       }
> 
>       return domainset;
>    }
> 
> 
> Thanks in advance
> Dan Garland
> daniel.garland@NO-SPAMtitanemail.com
> 
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email 
> ______________________________________________________________________
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email 
> ______________________________________________________________________
> 

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org