tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nikita Tovstoles <nikita.tovsto...@gmail.com>
Subject Re: using Servlet Filter to rewrite domain of JSESSIONID cookie?
Date Thu, 01 Jul 2010 22:37:55 GMT
I borrowed "sub-domain" from Google Analytics terminology. I have one
server, running one tomcat instance with one virtual host. That host is
running one app - a JS/html widget that is embedded on multiple sites.

We need to track usage per-deployment (per site embedding the wiget). For
(google) analytics purposes, the easiest way to do so is to have a different
(sub)domain per deployment. So the same tomcat instance is responding to
requests for site1.widget.com, site2.widget.com, etc.

a user may interact with 2 widget deployed on 2 different sites (and thus
served from different (sub)domains) within 30 minutes. It is for this case
that we want user to share the same HttpSession:

- go to some site A where our widget is deployed at site1.widget.com
- go to some other site B where our widget is deployed at site2.widget.com
- reuse the same JSESSIONID because its' domain is set to ".widget.com"

Make sense?





On Thu, Jul 1, 2010 at 3:07 PM, André Warnier <aw@ice-sa.com> wrote:

> Nikita Tovstoles wrote:
>
>> thanks for the pointers. However, emptySessionPath - from what I can tell
>> -
>> only deals with paths (not domain). how could I use it do ignore
>>  subdomains?
>>
>>
>>  What I do not really understand in all this, is what the point is, of
> having the same JSESSIONID (and by extension, I suppose, session) for
> different domains.
> (And I find the term "sub-domain" confusing, apart from the fact that
> technically, there is no such thing).
> If you have 2 hosts a.somedomain.com and b.somedomain.com, they could be
> virtual hosts inside the same tomcat, but they could also be entirely
> distinct hosts with two separate Tomcat's, and the client would/should never
> know.
> So having the same "session" covering the two hosts does not seem to make
> sense, to me at least.
> I can understand storing some other information into a separate cookie,
> which would be valid for the whole somedomain.com, but the session-id ?
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message