[ https://issues.apache.org/jira/browse/OFBIZ-4785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
K Sharad Bhushan updated OFBIZ-4785:
------------------------------------

    Labels: api-change ofbiz tomcat  (was: api-change ofbiz)

> Enable Cross (Sub)Domain Tracking is not working - tomcat
> ---------------------------------------------------------
>
>                 Key: OFBIZ-4785
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-4785
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL APPLICATIONS
>    Affects Versions: SVN trunk
>            Reporter: K Sharad Bhushan
>              Labels: api-change, ofbiz, tomcat
>
> While we were upgrading ofbiz for our applications, I noticed the option for
> enabling cross domain tracking and was planning to use it. We previously had
> a custom solution for tomcat, as it did not support making the session cookie
> domain configurable (version ).
>
> Here is the description of the issue.
>
> In ofbiz, cross domain session cookies were allowed using configuration in
> ofbiz-container.xml, by setting a value for cookie.domain in url.properties
> and setting the property "enable-cross-subdomain-sessions" to true in
> ofbiz-containers.xml. This is not working.
>
> When debugging, I noticed the cause in CrossSubdomainSessionValve.java,
> where the cookie domain is supposed to be replaced/overridden in the response
> mime headers, but it was trying to replace it in the request mime headers.
> Here is the line of code in CrossSubdomainSessionValve:
>
>     MimeHeaders mimeHeaders = request.getCoyoteRequest().getMimeHeaders();
>
> Following this is the line:
>
>     if (mimeHeaders.getName(i).equals("Set-Cookie")) {
>     // in request the header is "Cookie" and in response the header is "Set-Cookie".
>
> When I checked the svn history, I noticed it was replacing the response
> headers till version r938061, which is the expected behaviour. After a
> migration to tomcat 7, revision r938061, I noticed the change described above.
> I assume this was done due to deprecation of the method "getCoyoteResponse()"
> in Request, i.e. request.getCoyoteResponse().getMimeHeaders();
>
> However, I have the following observations which can be considered in fixing.
> I will attach the patches after we validate them.
>
> I do not see the need for CrossSubdomainSessionValve any more, as tomcat
> since version 6.0.27 supports configuring the domain for session cookies in
> "Context".
> We can use the StandardContext to set the sessionCookieDomain.
>
> With that said, there were two approaches to achieve this:
>
> 1. Use the standard cookie.domain in url.properties to set
>    sessionCookieDomain when enable-cross-subdomain-sessions is set to true,
>    which I think is self explanatory.
> 2. Allow the configuration of the cookie domain via the webapp info defined
>    in ofbiz-component.xml (which is actually the Context used by tomcat).
>    However, I am not able to find a relevant context to support this, but it
>    seems a possibility.
>
> Please let me know your thoughts.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
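
Approach 1 from the report above, sketched as an added example (it is not OFBiz code and not the reporter's patch): the session cookie domain is taken from `cookie.domain` and set on the `StandardContext` only when cross-subdomain sessions are enabled. The class name, the method name and the `.example.com` value are hypothetical; it assumes Tomcat 7 or later on the classpath.

```java
import java.util.Locale;
import java.util.Properties;
import org.apache.catalina.core.StandardContext;

// Hypothetical helper: names below are illustrative, not taken from OFBiz.
public class SessionCookieDomainExample {

    /**
     * Applies cookie.domain from url.properties to the context's session cookie.
     * Returns the domain that was set, or null when the context was left alone.
     */
    static String applyCookieDomain(StandardContext ctx, Properties urlProps,
                                    boolean crossSubdomainSessions) {
        if (!crossSubdomainSessions) {
            return null; // keep Tomcat's default: a host-only session cookie
        }
        String domain = urlProps.getProperty("cookie.domain", "")
                .trim().toLowerCase(Locale.ROOT);
        // RFC 6265 user agents ignore a leading dot, so normalise it away.
        if (domain.startsWith(".")) {
            domain = domain.substring(1);
        }
        // Every host under this domain will receive the session id, so refuse
        // an empty or single-label value (e.g. "com") instead of widening the
        // cookie scope by accident.
        if (domain.isEmpty() || domain.indexOf('.') < 0) {
            throw new IllegalArgumentException(
                    "cookie.domain must be a multi-label domain, got '" + domain + "'");
        }
        // Tomcat writes this value into the Domain attribute of the
        // Set-Cookie response header for the session cookie.
        ctx.setSessionCookieDomain(domain);
        return domain;
    }

    public static void main(String[] args) {
        // Constructed sample configuration standing in for url.properties.
        Properties urlProps = new Properties();
        urlProps.setProperty("cookie.domain", ".example.com");

        StandardContext ctx = new StandardContext();
        applyCookieDomain(ctx, urlProps, true);
        System.out.println("sessionCookieDomain = " + ctx.getSessionCookieDomain());
    }
}
```

Because the container sets the domain when it creates the session cookie, nothing has to rewrite `Set-Cookie` headers afterwards, which is the step the valve got wrong by reading the request headers.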