I'm migrating from Tomcat 8.0.X to Tomcat 9.0.5 and I have a issue I've been 
dragging for too long that I wise to correct.
I have been searching for a workaround and so far, I've found nothing so far 
that work out of the box.

Here is the situation:

We have a single webapp  that can handle multiple domains, some of which are 
Example: www.example1.com, images.example1.com, assets.example1.com, 

As far as I know Tomcat only allows us to set define a domain through a 
sessionCookieDomain in the context. But this domain is fixed.
If I set sessionCookieDomain=".example1.com", this will break www.example2.com 
and vice-versa.

If I leave sessionCookieDomain empty, I don't get sub-domain support as no 
domain is set and the browser fallback to the current domain serviced.

All the manipulation of the session cookie  are managed in the 
org.apache.catalina.connector.Response class and is not customizable.

So far, when we were using Tomcat 8, we were able to do a workaround by 
overriding the method addSessionCookieInternal inside the Response class 
through a facade, but this is a dirty hack and I would rather not alter any of 
Tomcat's inner classes... And a proxy is out of the question, Response not 
being an interface.

The other workaround I can think of is  splitting  *.example1.com & 
example2.com into 2 separate tomcat instance or webapps, but that would only 
duplicate the resources required (ram + disk space) for as many different domains 
we decide to support.

Is there therefor a better way to handle manipulating session cookies, or is it 
frozen and out of reach for multiple subdomain?

A "SessionCookieProcessor", which would take the context & the cookie, would be 
most welcome for such  a case


*Philippe Busque*
1111, rue St-Charles Ouest,
Tour Est, bureau 255
Longueuil (Québec) Canada J4K 5G4
Tél. : 450-449-0102 ext. 3017
Télec. : 450-449-8725

Ce message et les fichiers d’accompagnement transmis avec celui-ci s’adressent 
expressément au(x) destinataire(s) et peuvent contenir des renseignements 
confidentiels et privilégiés. Si vous recevez ce message par erreur, veuillez 
en aviser immédiatement l’expéditeur par courrier électronique. Veuillez 
également ne pas en prendre connaissance et en supprimer toutes les copies 
immédiatement. Technologies Interactives Mediagrif Inc. et ses filiales 
n’acceptent aucune responsabilité à l’égard des opinions exprimées dans le 
message ou des conséquences de tout virus informatique qui pourrait être 
transmis avec ce message. Ce message fait également l’objet d’un copyright. Il 
est interdit d’en reproduire, adapter ou transmettre quelque partie que ce soit 
sans le consentement écrit du détenteur du copyright.

This email and any files transmitted with it are solely intended for the use of 
the addressee(s) and may contain information that is confidential and 
privileged. If you receive this email in error, please advise us by return 
email immediately. Please also disregard the contents of the email, delete it 
and destroy any copies immediately. Mediagrif Interactive Technologies Inc. and 
its subsidiaries do not accept liability for the views expressed in the email 
or for the consequences of any computer viruses that may be transmitted with 
this email. This email is also subject to copyright. No part of it should be 
reproduced, adapted or transmitted without the written consent of the copyright 

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to