Application Server: Session Sharing
From Resin 4.0 Wiki
(Difference between revisions)
(Created page with "Category:Resin: Application Server: Configuration link=Category:Resin: Application Server: Configuration == Session Sharing Between Domains == Ses...") |
|||
| Line 12: | Line 12: | ||
If all your host names end with "foo.com", then simply set "domain-cookie" to share cookies between domains: | If all your host names end with "foo.com", then simply set "domain-cookie" to share cookies between domains: | ||
| − | + | <session-config> | |
| − | <session-config> | + | <cookie-domain>foo.com</cookie-domain> |
| − | + | ... | |
| − | + | </session-config> | |
| − | </session-config | + | |
| − | + | ||
=== cookie-domain-regexp === | === cookie-domain-regexp === | ||
| Line 25: | Line 23: | ||
cookie-domain-regexp accepts a regular expression used to extract the domain from the requested host. Probable configuration: | cookie-domain-regexp accepts a regular expression used to extract the domain from the requested host. Probable configuration: | ||
| − | + | <session-config> | |
| − | + | ||
<cookie-domain-regexp>[^.]*\.[^.]*$</cookie-domain-regexp> | <cookie-domain-regexp>[^.]*\.[^.]*$</cookie-domain-regexp> | ||
... | ... | ||
</session-config> | </session-config> | ||
| − | |||
For example, using this regexp will produce the following: | For example, using this regexp will produce the following: | ||
| − | Host: xxx.yyy.zzz.foo.com = Set-Cookie domain: foo.com | + | Host: xxx.yyy.zzz.foo.com = Set-Cookie domain: foo.com |
| − | Host: zzz.foo.com = Set-Cookie domain: foo.com | + | Host: zzz.foo.com = Set-Cookie domain: foo.com |
| − | Host: foo.com = Set-Cookie domain: foo.com | + | Host: foo.com = Set-Cookie domain: foo.com |
| − | Host: bar.com = Set-Cookie domain: bar.com | + | Host: bar.com = Set-Cookie domain: bar.com |
Revision as of 00:00, 16 August 2012
Session Sharing Between Domains
Sessions are tied to the JSESSIONID cookie.
By default, the JSESSIONID cookie uses the full host name for the cookie session. So requests to www.foo.com will not share cookies, and thus session, with secure.foo.com.
cookie-domain
If all your host names end with "foo.com", then simply set "domain-cookie" to share cookies between domains:
<session-config> <cookie-domain>foo.com</cookie-domain> ... </session-config>
cookie-domain-regexp
If you have more than one domain using the same web application, or need more control, you can use the cookie-domain-regexp parameter.
cookie-domain-regexp accepts a regular expression used to extract the domain from the requested host. Probable configuration:
<session-config> <cookie-domain-regexp>[^.]*\.[^.]*$</cookie-domain-regexp> ... </session-config>
For example, using this regexp will produce the following:
Host: xxx.yyy.zzz.foo.com = Set-Cookie domain: foo.com Host: zzz.foo.com = Set-Cookie domain: foo.com Host: foo.com = Set-Cookie domain: foo.com Host: bar.com = Set-Cookie domain: bar.com
