tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralph Carlson <RACARL...@mediacomcc.com>
Subject RE: using Servlet Filter to rewrite domain of JSESSIONID cookie?
Date Thu, 01 Jul 2010 00:05:50 GMT
can you extend org.apache.catalina.connector.Response adding the HttpResponse object and its
getter/setter
and call that before valve.invoke()

also depending on what you are putting in your cookie and if the users are logging on or not
(you could also use ipaddress but that is flaky is they are using proxies) I usually just
put the custom user settings in a database now as most virus scanner and malware scanner keep
removing my users cookies anyway


________________________________________
From: users-return-214168-RACARLSON=mediacomcc.com@tomcat.apache.org [users-return-214168-RACARLSON=mediacomcc.com@tomcat.apache.org]
On Behalf Of Nikita Tovstoles [nikita.tovstoles@gmail.com]
Sent: Wednesday, June 30, 2010 6:20 PM
To: Tomcat Users List
Subject: using Servlet Filter to rewrite domain of JSESSIONID cookie?

I'd like to make session cookie domain-wide, and ignore subdomains - in
Tomcat 6. So for app reachable via my.site.com and www.site.com, I'd like to
have session cookie's domain be ".site.com". I thought of doing so using a
ServletResponseWrapper and a servlet Filter:

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException,
            ServletException
    {
        if (!(response instanceof
SessionCookieDomainSettingServletResponseWrapper))
        {
            response = new
SessionCookieDomainSettingServletResponseWrapper((HttpServletResponse)
response);
        }
        chain.doFilter(request, response);
    }

and in wrapper:
    @Override
    public void addCookie(Cookie cookie)
    {
        if (cookie != null && SESSION_COOKIE_NAME.equals(cookie.getName()))
        {
            // update domain name to just the domain
            stripSubDomain(cookie);
        }
        super.addCookie(cookie);
    }

However, JSESSIONID continues to be set to FQ host name ("my.site.com").

Is it because Tomcat internals do not use HttpServletResponse.addCookie() to
set JSESSIONID or is that cookie set before filter chain gets executed?

If so, sounds like Filter is (sadly) not applicable for this case, and I
have to create a custom Valve? Any tips on how to
wrap org.apache.catalina.connector.Response - valve.invoke() does not take
HttpServletResponse...

thanks
-nikita

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message