Hello :)
We needed subdomain session cookie support for our java webapp; currently
there is no way to configure cookie domain attribute in tomcat <= 6.0.18.
This patch adds this functionality. Cookie domain can be specified as Manager
property (default null == turned off) in conf/context.xml or on per webapp
context property (conf/<engine_name>/<vhost>/appname.xml or
META-INF/context.xml).
--- snip ---
<Context override="true">
<Manager cookieDomain=".example.org" />
</Context>
--- snip ---
Webapp will then issue session cookies in the following form:
JSESSIONID=D29B85A0D5E3AADA7DAA2B8DE660B0B3; Domain=.example.org; Path=/
Browser will send this cookie to sites www.example.org, subsite.example.org,
etc...
This functionality is already implemented in Resin and Jetty.
How to use/apply:
svn co http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_18
cd TOMCAT_6_0_18
patch -p0 < /path/to/tomcat-6.0.18-subdomain-session-cookie.patch
ant download
ant
Best regards, Brane
Index: java/org/apache/catalina/Manager.java
===================================================================
--- java/org/apache/catalina/Manager.java (revision 762245)
+++ java/org/apache/catalina/Manager.java (working copy)
@@ -363,4 +363,17 @@
*/
public void backgroundProcess();
+
+ /**
+ * This method sets cookie domain for session cookies
+ *
+ * @param domain Cookie domain name (Use ".domain.tld" to issue
+ * subdomain valid session cookies)
+ */
+ public void setCookieDomain (String domain);
+
+ /**
+ * Returns cookie domain if set, otherwise null
+ */
+ public String getCookieDomain ();
}
Index: java/org/apache/catalina/session/ManagerBase.java
===================================================================
--- java/org/apache/catalina/session/ManagerBase.java (revision 762245)
+++ java/org/apache/catalina/session/ManagerBase.java (working copy)
@@ -197,7 +197,12 @@
*/
private int count = 0;
+ /**
+ * Cookie domain for session cookies
+ */
+ protected String cookieDomain = null;
+
/**
* Frequency of the session expiration, and related manager operations.
* Manager operations will be done once for the specified amount of
@@ -668,6 +673,34 @@
}
/**
+ * This method sets cookie domain for session cookies
+ *
+ * @param domain Cookie domain name (Use ".domain.tld" to issue
+ * subdomain valid session cookies)
+ */
+ public void setCookieDomain (String domain) {
+ if (domain == null) {
+ cookieDomain = null;
+ return;
+ }
+
+ // sanitize && apply cookie domain string
+ domain = domain.trim();
+ if (domain.length() > 0) {
+ cookieDomain = domain;
+ } else {
+ cookieDomain = null;
+ }
+ }
+
+ /**
+ * Returns cookie domain if set, otherwise null
+ */
+ public String getCookieDomain () {
+ return cookieDomain;
+ }
+
+ /**
* Invalidate all sessions that have expired.
*/
public void processExpires() {
Index: java/org/apache/catalina/connector/Request.java
===================================================================
--- java/org/apache/catalina/connector/Request.java (revision 762245)
+++ java/org/apache/catalina/connector/Request.java (working copy)
@@ -2346,6 +2346,13 @@
} else {
cookie.setPath("/");
}
+
+ // set cookie domain if manager is associated with cookie domain
+ String cookieDomain = context.getManager().getCookieDomain();
+ if (cookieDomain != null) {
+ cookie.setDomain(cookieDomain);
+ }
+
if (isSecure()) {
cookie.setSecure(true);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
