Hi,
It's great for you that you have a solution, but it's not compatible with the
Servlet Spec and therefore can't be integrated into Tomcat. It's not a Tomcat
bug, but rather your requirements that are in conflict with the Spec.
Yoav
Quoting Simon Lau <[EMAIL PROTECTED]>:
>
> Just want you guys to know that I have found a solution for my problem.
>
> I have to change the source code in tomcat to get this to work.
> Here is what I've done:
> In source org.apache.coyote.tomcat5.CoyoteRequest line 2313 (btw, I am using
> tomcat5.0.28 source) I added
> cookie.setDomain(".abc.com"); // beware of the leading dot
> compile the source and replace the new catalina.jar into my tomcat
> server/lib directory.
>
> I am now able to switch between both
> http://aaa.abc.com/myapp/index.jsp
> http://bbb.abc.com/myapp/index.jsp
> and the session persists !!!
>
> I wonder why the web.xml file in conf/ didn't provide such an option for us
> to set more cookie options.
> As for now, I can only set session-timeout in web.xml.
> I suggest adding like cookie-domain
> <session-config>
> <session-timeout>30</session-timeout>
> <cookie-domain>.abc.com</cookie-domain>
> </session-config>
> I know resin have such an option, see here
> http://browserinsight2.lunaimaging.com:8090/ref/app-config.xtp#session-config
>
> I am posting this to both user list and developer list, I hope someone in
> the tomcat project will read it and implement this in the future.
>
> Thanks everyone that have helped me though, means a lot.
> Simon
>
>
>
> ----- Original Message -----
> From: "Tim Funk" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> Sent: Wednesday, January 12, 2005 8:43 PM
> Subject: Re: apache + tomcat with 2 domains but same session?
>
>
> > [I have a major sinus cold - so I might not be writing clearly ...]
> >
> > I don't think URL rewriting from apache mod_rewrite will solve your
> problem.
> > Tomcat maintains state with the session via a session cookie. The cookie
> is
> > fixed to the currnet domain name (not configurable) and the cookie is
> fixed
> > to the current webapp path(also not configurable).
> >
> > But the session cookie is the key to picking up the session. Since you are
> > working in a differnet domain - the session cookie is not sent by the
> client.
> >
> > But for clients that do not allow cookies, you can use url rewriting via
> the
> > servlet API. (See HttpResponse.encodeUrl()). This method detects whether
> the
> > client has sent the request and maintained state via a session cookie and
> if
> > a cookie was not used, the url is rewritten and encoded with a path
> variable
> > called jsessionid. (eg: foo.jsp;jsessionid=ABDDAAN9900)
> >
> > To get a session from aaa.com to work in bbb.com - you need to have a page
> on
> > aaa.com link to bbb.com with the URL containing the jessessionid path
> parameter.
> >
> > -Tim
> >
> > Simon Lau wrote:
> > > Tim, thanks for your help. but...
> > > I have been following your suggestion and use mod_rewrite to rewrite
> > > bbb.abc.com to aaa.abc.com.
> > > Here is 3 scenarios:
> > > 1)
> > > RewriteCond %{HTTP_HOST} ^bbb\.(.*)$
> > > RewriteRule ^(.+) http://aaa.%1$1
> > > Client access http://bbb.abc.com/myapp/index.jsp
> > > Client brower address bar display http://aaa.abc.com/myapp/index.jsp
> (but i
> > > want http://bbb.abc.com/myapp/index.jsp instead)
> > > Session persist, no problem
> > >
> > > 2)
> > > RewriteCond %{HTTP_HOST} ^bbb\.(.*)$
> > > RewriteRule ^(.+) http://aaa.%1$1
> [PT]
> > > Client access http://bbb.abc.com/myapp/index.jsp
> > > Client brower address bar display http://bbb.abc.com/myapp/index.jsp
> > > Client brower display "400 Bad Request error"
> > > mod_rewrite.log get "forcing 'http://aaa.abc.com/myapp/index.jsp' to get
> > > passed through to next API URI-to-filename handler
> > >
> > > 3)
> > > RewriteCond %{HTTP_HOST} ^bbb\.(.*)$
> > > RewriteRule ^(.+) http://aaa.%1$1
> [P]
> > > Client access http://bbb.abc.com/myapp/index.jsp
> > > Client brower address bar display http://bbb.abc.com/myapp/index.jsp
> > > Client brower display "Forbidden, You don't have permission to access
> > > /myapp/index.jsp"
> > > mod_rewrite.log get "forcing proxy-throughput with
> > > http://aaa.abc.com/myapp/index.jsp";
> > >
> > > so all of these cases didn't give me the result i wanted.
> > > the result i wanted is:
> > > -Client access http://bbb.abc.com/myapp/index.jsp
> > > -Client brower address bar display http://bbb.abc.com/myapp/index.jsp
> > > -Session persist with http://aaa.abc.com/myapp/index.jsp
> > >
> > > Am i on the right track? or am i doing it totally wrong? or is there way
> to
> > > get around this?
> > >
> > > please help. thanks again.
> > >
> > > Simon
> > >
> > >
> > > ----- Original Message -----
> > > From: "Tim Funk" <[EMAIL PROTECTED]>
> > > To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> > > Sent: Tuesday, January 11, 2005 7:44 PM
> > > Subject: Re: apache + tomcat with 2 domains but same session?
> > >
> > >
> > >
> > >>You can get away with this by using URL rewriting. When you are using
> > >>aaa.abc.com and wish to redirect or link to bbb.abc.com - you would need
> > >
> > > to
> > >
> > >>rewrite the URL to include the jsessionid path parameter. But you
> *cannot*
> > >
> > > do
> > >
> > >>this via response.encodeURL(..) since that method will detect your URL
> is
> > >
> > > in
> > >
> > >>another webapp. So you will need to write your own implementation of
> > >>encodeURL to achieve this.
> > >>
> > >>-Tim
> > >>
> > >>Simon Lau wrote:
> > >>
> > >>>Hi,
> > >>>
> > >>>I want to setup my apache to have 2 domains, say aaa.abc.com and
> > >>>bbb.abc.com.
> > >>>Both of this domain goes to the same application context, say /myapp
> > >>>So when i access both
> > >>>http://aaa.abc.com/myapp/index.jsp
> > >>>http://bbb.abc.com/myapp/index.jsp
> > >>>will give me the exact same content, no problem.
> > >>>
> > >>>My question is how do i persist the session while i switch between
> > >>>aaa.abc.com and bbb.abc.com?
> > >>>For example i have a shopping basket storing with 2 products and i want
> > >
> > > to
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
