tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel M Garland <>
Subject Tomcat jsessionid cookie across subdomain valve
Date Thu, 27 Sep 2007 16:41:23 GMT
Hi all,

I have a web application that is installed on a virtual host that has a 
number of subdomains defined with <Alias> elements in server.xml. We 
would like cookie sessions persist to across these subdomains, and I 
understand that this is not standard as defined in the servlet 
specification. Therefore I am trying to write a custom Valve that 
re-writes the domain on a Cookie to be "", rather than 
"". From searching the web to looking at what Daniel 
Rall wrote for Tomcat 4 I have tried the invoke() method below in my 
valve. Unfortunately, it doesn't seem to work; in my log I see the debug 
output that tells me the domain is being set, but when I look at the 
cookie in my Firefox web developer toolbar it says that the host of the 
cookie is

Has anyone got this to work in Tomcat 5.5.2? Why doesn't this code work 
and can anybody tell me if there is anything else I need to change? From 
what I can tell if this doesn't work my options are to edit Tomcat 
sources or persuade the boss to get Resin (which supports this feature).

BTW I already have cookies="false" in my Context for the time being, its 
OK as an interim measure but I'd prefer to have cookies sorted.

public void invoke(Request request, Response response) throws 
IOException, ServletException
       if(request instanceof HttpServletRequest &&
          response instanceof HttpServletResponse &&
          request.getCookies() != null)
         HttpServletRequest httprequest = (HttpServletRequest) request;
         HttpServletResponse httpresponse = (HttpServletResponse) 

         boolean domainwasset = 
            HttpSession session = httprequest.getSession();
       ? "new" : "old") + " 
session, requested ID="
                      + httprequest.getRequestedSessionId() + ", actual 
ID =" + session.getId());

            Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME, 

            // Set the cookie path
            String cookiepath = getCookiePath();
            if(cookiepath == null || cookiepath.trim().length() == 0)
                cookiepath = request.getContextPath();
                if(cookiepath == null || cookiepath.trim().length() == 0)
                   cookiepath = "/";


  "Adding cookie for "+ getCookieDomain());


       // We're done, bring on the next valve
       if(next != null)
          next.invoke(request, response);

    private boolean setDomainOnCookies(Cookie[] cookies)
       boolean domainset = false;
       if(cookies != null)
          for(Cookie c : cookies)
             if(c != null && 
      "Setting cookie " + c.getName() +" to 
" + getCookieDomain() + ", was " + c.getDomain());
                domainset = true;

       return domainset;

Thanks in advance
Dan Garland

This email has been scanned by the MessageLabs Email Security System.
For more information please visit 

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message