Nikita,

On 6/30/2010 6:20 PM, Nikita Tovstoles wrote:
> I'd like to make session cookie domain-wide, and ignore subdomains - in
> Tomcat 6.

You could use the emptySessionPath="true" setting in your <Connector>.

http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

> So for app reachable via my.site.com and www.site.com, I'd like to
> have session cookie's domain be ".site.com". I thought of doing so using a
> ServletResponseWrapper and a servlet Filter:

A filter won't work, as the cookie is (typically) created at the Valve
level, before your filter has a chance to run.

> However, JSESSIONID continues to be set to FQ host name ("my.site.com").

If you use a properly-configured Valve that does roughly the same thing,
I think it'll work.

> Is it because Tomcat internals do not use HttpServletResponse.addCookie() to
> set JSESSIONID or is that cookie set before filter chain gets executed?

Definitely the latter, but possibly also the former: the authenticator
valve might call methods directly on the non-spec Request object,
instead of a ServletRequest object.

> If so, sounds like Filter is (sadly) not applicable for this case, and I
> have to create a custom Valve? Any tips on how to
> wrap org.apache.catalina.connector.Response - valve.invoke() does not take
> HttpServletResponse...

See the handy configuration parameter above and save yourself a lot of
headache.

-chris