Re: How does one control what the path is on the JSESSIONID cookie?

Tue, 23 Jun 2009 14:05:04 -0700 

Pid wrote:

Filip Hanik - Dev Lists wrote:

John Caron wrote:

Tomcat 6.0.18 automatically adds the session cookie like:

 Set-Cookie: JSESSIONID=6D839FF3B960947CC6FD41B98CD02E0D; Path=/thredds

How can I change the path part of the cookie?

the only thing you can do is set it to empty, by using emptySessionPath.


Or you could change the name of your application.  That's unlikely to be
helpful though.

Why does it matter?

p
The client may have more than one session, which must be distinguished by the path, eg i need: 

Set-Cookie: JSESSIONID=6D839FF3B960947CC6FD41B98CD02E0D; Path=/thredds/p1


A previous post had this filter, which im guessing i can modify :

package com.prosc.servlet;

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;

/**
* This class will set the cookie maxAge to match the session timeout value. 
That way, a user who closes their browser and
* re-enters the site will still have the same session if it has not timed out 
on the server.
*/
public class SessionCookieExtender implements Filter {
   private static final String JSESSIONID = "JSESSIONID";

   public void init( FilterConfig config ) throws ServletException {}

   public void doFilter( ServletRequest _request, ServletResponse _response, 
FilterChain chain ) throws IOException, ServletException {
       if( _response instanceof HttpServletResponse ) {
           HttpServletRequest httpRequest = (HttpServletRequest)_request;
           HttpServletResponse httpResponse = (HttpServletResponse)_response;

           HttpSession session = httpRequest.getSession();
           if( session != null && session.getId() != null ) {
               Cookie sessionCookie = new Cookie( JSESSIONID, session.getId() );
               int sessionTimeoutSeconds = session.getMaxInactiveInterval();
               sessionCookie.setMaxAge( sessionTimeoutSeconds );
               sessionCookie.setPath( httpRequest.getContextPath() );
               httpResponse.addCookie( sessionCookie ); //FIX! This doesn't 
actually get rid of the other cookie, but it seems to work OK
           }
       }
       chain.doFilter( _request, _response );
   }

   public void destroy() {}
}

If there is a better way to do it, Id love to hear!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to