Hello :) We needed subdomain session cookie support for our java webapp; currently there is no way to configure cookie domain attribute in tomcat <= 6.0.18.
This patch adds this functionality. Cookie domain can be specified as Manager property (default null == turned off) in conf/context.xml or on per webapp context property (conf/<engine_name>/<vhost>/appname.xml or META-INF/context.xml). --- snip --- <Context override="true"> <Manager cookieDomain=".example.org" /> </Context> --- snip --- Webapp will then issue session cookies in the following form: JSESSIONID=D29B85A0D5E3AADA7DAA2B8DE660B0B3; Domain=.example.org; Path=/ Browser will send this cookie to sites www.example.org, subsite.example.org, etc... This functionality is already implemented in Resin and Jetty. How to use/apply: svn co http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_18 cd TOMCAT_6_0_18 patch -p0 < /path/to/tomcat-6.0.18-subdomain-session-cookie.patch ant download ant Best regards, Brane
Index: java/org/apache/catalina/Manager.java =================================================================== --- java/org/apache/catalina/Manager.java (revision 762245) +++ java/org/apache/catalina/Manager.java (working copy) @@ -363,4 +363,17 @@ */ public void backgroundProcess(); + + /** + * This method sets cookie domain for session cookies + * + * @param domain Cookie domain name (Use ".domain.tld" to issue + * subdomain valid session cookies) + */ + public void setCookieDomain (String domain); + + /** + * Returns cookie domain if set, otherwise null + */ + public String getCookieDomain (); } Index: java/org/apache/catalina/session/ManagerBase.java =================================================================== --- java/org/apache/catalina/session/ManagerBase.java (revision 762245) +++ java/org/apache/catalina/session/ManagerBase.java (working copy) @@ -197,7 +197,12 @@ */ private int count = 0; + /** + * Cookie domain for session cookies + */ + protected String cookieDomain = null; + /** * Frequency of the session expiration, and related manager operations. * Manager operations will be done once for the specified amount of @@ -668,6 +673,34 @@ } /** + * This method sets cookie domain for session cookies + * + * @param domain Cookie domain name (Use ".domain.tld" to issue + * subdomain valid session cookies) + */ + public void setCookieDomain (String domain) { + if (domain == null) { + cookieDomain = null; + return; + } + + // sanitize && apply cookie domain string + domain = domain.trim(); + if (domain.length() > 0) { + cookieDomain = domain; + } else { + cookieDomain = null; + } + } + + /** + * Returns cookie domain if set, otherwise null + */ + public String getCookieDomain () { + return cookieDomain; + } + + /** * Invalidate all sessions that have expired. */ public void processExpires() { Index: java/org/apache/catalina/connector/Request.java =================================================================== --- java/org/apache/catalina/connector/Request.java (revision 762245) +++ java/org/apache/catalina/connector/Request.java (working copy) @@ -2346,6 +2346,13 @@ } else { cookie.setPath("/"); } + + // set cookie domain if manager is associated with cookie domain + String cookieDomain = context.getManager().getCookieDomain(); + if (cookieDomain != null) { + cookie.setDomain(cookieDomain); + } + if (isSecure()) { cookie.setSecure(true); }
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org