tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid...@pidster.com>
Subject Re: How does one control what the path is on the JSESSIONID cookie?
Date Wed, 24 Jun 2009 14:12:16 GMT
John Caron wrote:
> Pid wrote:
>> Filip Hanik - Dev Lists wrote:
>>  
>>> John Caron wrote:
>>>    
>>>> Tomcat 6.0.18 automatically adds the session cookie like:
>>>>
>>>>  Set-Cookie: JSESSIONID=6D839FF3B960947CC6FD41B98CD02E0D; Path=/thredds
>>>>
>>>> How can I change the path part of the cookie?
>>>>       
>>> the only thing you can do is set it to empty, by using emptySessionPath.
>>>     
>>
>> Or you could change the name of your application.  That's unlikely to be
>> helpful though.
>>
>> Why does it matter?
>>
>> p
>>   
> The client may have more than one session, which must be distinguished
> by the path, eg i need:

That sounds alarming.  The path for a cookie is used to determine when
to send it for a given web application path.

If the cookie path is modified, as below, then the application won't
receive the path at all initially.

I don't think modifying the path will help you here.

You'd be better turning cookies off altogether and using URL based
session ids.  With the session in the URL, you can have multiple
sessions in different windows/tabs.


p


> Set-Cookie: JSESSIONID=6D839FF3B960947CC6FD41B98CD02E0D; Path=/thredds/p1


> A previous post had this filter, which im guessing i can modify :
> 
> package com.prosc.servlet;
> 
> import javax.servlet.*;
> import javax.servlet.http.*;
> import java.io.IOException;
> 
> /**
> * This class will set the cookie maxAge to match the session timeout
> value. That way, a user who closes their browser and
> * re-enters the site will still have the same session if it has not
> timed out on the server.
> */
> public class SessionCookieExtender implements Filter {
>    private static final String JSESSIONID = "JSESSIONID";
> 
>    public void init( FilterConfig config ) throws ServletException {}
> 
>    public void doFilter( ServletRequest _request, ServletResponse
> _response, FilterChain chain ) throws IOException, ServletException {
>        if( _response instanceof HttpServletResponse ) {
>            HttpServletRequest httpRequest = (HttpServletRequest)_request;
>            HttpServletResponse httpResponse =
> (HttpServletResponse)_response;
> 
>            HttpSession session = httpRequest.getSession();
>            if( session != null && session.getId() != null ) {
>                Cookie sessionCookie = new Cookie( JSESSIONID,
> session.getId() );
>                int sessionTimeoutSeconds =
> session.getMaxInactiveInterval();
>                sessionCookie.setMaxAge( sessionTimeoutSeconds );
>                sessionCookie.setPath( httpRequest.getContextPath() );
>                httpResponse.addCookie( sessionCookie ); //FIX! This
> doesn't actually get rid of the other cookie, but it seems to work OK
>            }
>        }
>        chain.doFilter( _request, _response );
>    }
> 
>    public void destroy() {}
> }
> 
> If there is a better way to do it, Id love to hear!
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message