Bryan, Thanks so much for sending this a lot earlier. We tried it out
and found that we could simplify it a bit for our needs. I've included
the source here just in case.
What our valve does is just sets the domain on the session cookie, in
the request and response. The first time a user comes to our site,
they get one session cookie for the full domain (foo.evite.com), and
one session cookie for the base domain (.evite.com). Any subsequent
requests to xyz.evite.com get the same session id (While the session
cookie exists).
We needed to do this because we have our own session manager and
wanted to keep things separated as much as possible.
Any advice or comments are welcome.
Thanks, hope this helps,
Eric
On 1/10/07, Bryan Basham <[EMAIL PROTECTED]> wrote:
Oops... I had some bugs in the code. Here's the latest source.
-Bryan
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Learn from the past. Live in the present. Plan for the future.
package com.evite.tomcat;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
/**
* This class implements a Tomcat request valve and sets the domain on the
* session cookie.
*
* @author Eric Berry
*/
public class EviteSessionValve extends ValveBase {
private static final String JSESSIONID = "JSESSIONID";
private String cookieDomain;
/**
* An explicit no-arg constructor.
*/
public EviteSessionValve() {
// do nothing
}
/**
* This method Changes the session cookie domain for any requests that
come
* in containing the replacementDomain.
*
* This method handles each HTTP request coming through Tomcat as
configured
* in the server.xml or context.xml or a context-specific configuration
file.
*/
@Override
public void invoke(Request request, Response response) throws
IOException,
ServletException {
String sessionId = request.getSession().getId();
Cookie sessionCookie = getCookie(JSESSIONID,
request.getCookies());
String replacementDomain = getCookieDomain();
String currentDomain = request.getHeader("host");
// we only want to replace the domain it's an evite.com domain.
// this way we won't have to get a new session each time,
testing
// on localhost, or other internal IPs.
boolean relaceDomain = currentDomain.indexOf(replacementDomain)
>= 0;
if (sessionCookie == null && sessionId != null &&
!sessionId.equals("")) {
sessionCookie = new Cookie(JSESSIONID, sessionId);
if(relaceDomain) {
sessionCookie.setDomain(replacementDomain);
}
request.addCookie(sessionCookie);
response.addCookie(sessionCookie);
}
String sessionCookieDomain = sessionCookie.getDomain();
if (relaceDomain && sessionCookieDomain != null &&
!sessionCookieDomain.equals(replacementDomain)) {
sessionCookie.setDomain(replacementDomain);
request.addCookie(sessionCookie);
response.addCookie(sessionCookie);
}
getNext().invoke(request, response);
}
/**
* This private method retrieves the cookie specified by the name
parameter.
*
* @param name
* @param cookies
* @return the named cookie, or null if that cookie was not found
*/
private Cookie getCookie(String name, Cookie[] cookies) {
if (cookies == null)
return null;
for (int i = 0; i < cookies.length; i++) {
if (cookies[i].getName().equals(name))
return cookies[i];
}
return null;
}
public String getCookieDomain() {
return cookieDomain;
}
public void setCookieDomain(String domain) {
this.cookieDomain = domain;
}
}---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
