tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: using Servlet Filter to rewrite domain of JSESSIONID cookie?
Date Thu, 01 Jul 2010 01:26:00 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nikita,

On 6/30/2010 6:20 PM, Nikita Tovstoles wrote:
> I'd like to make session cookie domain-wide, and ignore subdomains - in
> Tomcat 6.

You could use the emptySessionPath="true" setting in your <Connector>.

http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

> So for app reachable via my.site.com and www.site.com, I'd like to
> have session cookie's domain be ".site.com". I thought of doing so using a
> ServletResponseWrapper and a servlet Filter:

A filter won't work, as the cookie is (typically) created at the Valve
level, before your filter has a chance to run.

> However, JSESSIONID continues to be set to FQ host name ("my.site.com").

If you use a properly-configured Valve that does roughly the same thing,
I think it'll work.

> Is it because Tomcat internals do not use HttpServletResponse.addCookie() to
> set JSESSIONID or is that cookie set before filter chain gets executed?

Definitely the latter, but possibly also the former: the authenticator
valve might call methods directly on the non-spec Request object,
instead of a ServletRequest object.

> If so, sounds like Filter is (sadly) not applicable for this case, and I
> have to create a custom Valve? Any tips on how to
> wrap org.apache.catalina.connector.Response - valve.invoke() does not take
> HttpServletResponse...

See the handy configuration parameter above and save yourself a lot of
headache.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwr7qgACgkQ9CaO5/Lv0PDX2gCgw6h+ShBbsh+eA8weblUdcVBg
LmsAoIDhIneS/KWhhgZ6ed1+zF82tnAD
=OMFW
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message