You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Daniel M Garland <da...@titanemail.com> on 2007/10/01 12:12:49 UTC
Re: Tomcat jsessionid cookie across subdomain valve
Any thoughts? If this is OT anyone know an appropriate list to post to?
Daniel M Garland wrote:
> Hi all,
>
> I have a web application that is installed on a virtual host that has a
> number of subdomains defined with <Alias> elements in server.xml. We
> would like cookie sessions persist to across these subdomains, and I
> understand that this is not standard as defined in the servlet
> specification. Therefore I am trying to write a custom Valve that
> re-writes the domain on a Cookie to be ".mydomain.com", rather than
> "www.mydomain.com". From searching the web to looking at what Daniel
> Rall wrote for Tomcat 4 I have tried the invoke() method below in my
> valve. Unfortunately, it doesn't seem to work; in my log I see the debug
> output that tells me the domain is being set, but when I look at the
> cookie in my Firefox web developer toolbar it says that the host of the
> cookie is www.mydomain.com.
>
> Has anyone got this to work in Tomcat 5.5.2? Why doesn't this code work
> and can anybody tell me if there is anything else I need to change? From
> what I can tell if this doesn't work my options are to edit Tomcat
> sources or persuade the boss to get Resin (which supports this feature).
>
> BTW I already have cookies="false" in my Context for the time being, its
> OK as an interim measure but I'd prefer to have cookies sorted.
>
> public void invoke(Request request, Response response) throws
> IOException, ServletException
> {
> if(request instanceof HttpServletRequest &&
> response instanceof HttpServletResponse &&
> request.getCookies() != null)
> {
> HttpServletRequest httprequest = (HttpServletRequest) request;
> HttpServletResponse httpresponse = (HttpServletResponse) response;
>
> boolean domainwasset = setDomainOnCookies(request.getCookies());
> if(!domainwasset)
> {
> HttpSession session = httprequest.getSession();
> if(session.isNew())
> {
> containerLog.info((session.isNew() ? "new" : "old") + "
> session, requested ID="
> + httprequest.getRequestedSessionId() + ", actual
> ID =" + session.getId());
>
>
> Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
> session.getId());
> cookie.setMaxAge(-1);
>
> // Set the cookie path
> String cookiepath = getCookiePath();
> if(cookiepath == null || cookiepath.trim().length() == 0)
> {
> cookiepath = request.getContextPath();
> if(cookiepath == null || cookiepath.trim().length() == 0)
> {
> cookiepath = "/";
> }
> }
>
> if(httprequest.isSecure())
> {
> cookie.setSecure(true);
> }
>
> cookie.setDomain(getCookieDomain());
> containerLog.info("Adding cookie for "+ getCookieDomain());
> httpresponse.addCookie(cookie);
> }
> }
>
> }
>
> // We're done, bring on the next valve
> if(next != null)
> {
> next.invoke(request, response);
> }
> }
>
> private boolean setDomainOnCookies(Cookie[] cookies)
> {
> boolean domainset = false;
> if(cookies != null)
> {
> for(Cookie c : cookies)
> {
> if(c != null &&
> c.getName().equals(Globals.SESSION_COOKIE_NAME))
> {
> containerLog.info("Setting cookie " + c.getName() +" to "
> + getCookieDomain() + ", was " + c.getDomain());
> c.setDomain(getCookieDomain());
> domainset = true;
> }
> }
> }
>
> return domainset;
> }
>
>
> Thanks in advance
> Dan Garland
> daniel.garland@NO-SPAMtitanemail.com
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org