redirecting to fully qualified hostname
All, The application I am working on is secured with a login that required a username and password. Once a user is logged in, all pages can be accessed as long as there is a Subject object in the Session. My problem is that part of the webapp provided links to pages that open in another window, and when the link is clicked, it is forwarding to the logon page as if the Subject object is no longer in the Session. I've determined that this behavior is only present when the hostname used for the request is not fully qualified upon the intial logon. For instance. User logons on by going to http://serverName/webapp/logon.do Then the application provides a link to http://serverName.mycompany.com/webapp/something.do which open a page in a new window. When the user click the link, a new window is opened but they are forwarded to the logon page as if they never logged on in the first place. How can I have all requests to the original hostname http://serverName/webapp be redirected to http://serverName.mycompany.com/webapp ? Is there anybody out there that has experienced this or knows of a better way to work around this issue? Thanks in Advance, Jonathan
Re: redirecting to fully qualified hostname
What you're likely running into is the fact that the cookie that the application server uses to track a user's session object, is very specific to what host can read the cookie. I use Apache and one of the things I've done is set a configuration parameter UseCanonicalName to be on - it defaults to off ... here's the comment in Apache's configuration that describes this parameter: # # UseCanonicalName: Determines how Apache constructs self-referencing # URLs and the SERVER_NAME and SERVER_PORT variables. # When set Off, Apache will use the Hostname and Port supplied # by the client. When set On, Apache will use the value of the # ServerName directive. # UseCanonicalName On Basically, if you define your host instance in Tomcat to be host.domain.com, then regardless if someone accesses http://host/ or http://host.domain.com/, Apache will populate the SERVER_NAME variable with host.domain.com - what this does, is when Tomcat then figures out what server name to specify for the cookie, it will use host.domain.com, not whatever the user tried to access the application through. Help? Yes? No? Hope so!! Fullam, Jonathan wrote: All, The application I am working on is secured with a login that required a username and password. Once a user is logged in, all pages can be accessed as long as there is a Subject object in the Session. My problem is that part of the webapp provided links to pages that open in another window, and when the link is clicked, it is forwarding to the logon page as if the Subject object is no longer in the Session. I've determined that this behavior is only present when the hostname used for the request is not fully qualified upon the intial logon. For instance. User logons on by going to http://serverName/webapp/logon.do Then the application provides a link to http://serverName.mycompany.com/webapp/something.do which open a page in a new window. When the user click the link, a new window is opened but they are forwarded to the logon page as if they never logged on in the first place. How can I have all requests to the original hostname http://serverName/webapp be redirected to http://serverName.mycompany.com/webapp ? Is there anybody out there that has experienced this or knows of a better way to work around this issue? Thanks in Advance, Jonathan -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: redirecting to fully qualified hostname
Quoting Fullam, Jonathan [EMAIL PROTECTED]: All, The application I am working on is secured with a login that required a username and password. Once a user is logged in, all pages can be accessed as long as there is a Subject object in the Session. My problem is that part of the webapp provided links to pages that open in another window, and when the link is clicked, it is forwarding to the logon page as if the Subject object is no longer in the Session. I've determined that this behavior is only present when the hostname used for the request is not fully qualified upon the intial logon. This is really a question for your servlet container provider, since it's not Struts specific. It's up to the server configuration whether serverName and serverName.mycompany.com are considered to be the same virtual host or not (which would be a prerequisite to sharing the session). A couple of approaches to consider: * If your webserver considers the two to be different, put a redirect on one so that you always end up on the other. * Construct all your hyperlinks without the http://host; part, and just start with a slash followed by the context path. That way, the browser will reconstruct an absolute URL using the server name (qualified or not) that came in on the original request. Craig For instance. User logons on by going to http://serverName/webapp/logon.do Then the application provides a link to http://serverName.mycompany.com/webapp/something.do which open a page in a new window. When the user click the link, a new window is opened but they are forwarded to the logon page as if they never logged on in the first place. How can I have all requests to the original hostname http://serverName/webapp be redirected to http://serverName.mycompany.com/webapp ? Is there anybody out there that has experienced this or knows of a better way to work around this issue? Thanks in Advance, Jonathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]