-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nikita,
On 6/30/2010 6:20 PM, Nikita Tovstoles wrote: > I'd like to make session cookie domain-wide, and ignore subdomains - in > Tomcat 6. You could use the emptySessionPath="true" setting in your <Connector>. http://tomcat.apache.org/tomcat-6.0-doc/config/http.html > So for app reachable via my.site.com and www.site.com, I'd like to > have session cookie's domain be ".site.com". I thought of doing so using a > ServletResponseWrapper and a servlet Filter: A filter won't work, as the cookie is (typically) created at the Valve level, before your filter has a chance to run. > However, JSESSIONID continues to be set to FQ host name ("my.site.com"). If you use a properly-configured Valve that does roughly the same thing, I think it'll work. > Is it because Tomcat internals do not use HttpServletResponse.addCookie() to > set JSESSIONID or is that cookie set before filter chain gets executed? Definitely the latter, but possibly also the former: the authenticator valve might call methods directly on the non-spec Request object, instead of a ServletRequest object. > If so, sounds like Filter is (sadly) not applicable for this case, and I > have to create a custom Valve? Any tips on how to > wrap org.apache.catalina.connector.Response - valve.invoke() does not take > HttpServletResponse... See the handy configuration parameter above and save yourself a lot of headache. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwr7qgACgkQ9CaO5/Lv0PDX2gCgw6h+ShBbsh+eA8weblUdcVBg LmsAoIDhIneS/KWhhgZ6ed1+zF82tnAD =OMFW -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org