Application Server: Session Sharing
From Resin 4.0 Wiki
(Difference between revisions)
Line 6: | Line 6: | ||
Sessions are tied to the JSESSIONID cookie. | Sessions are tied to the JSESSIONID cookie. | ||
− | By default, the JSESSIONID cookie uses the full host name for the cookie | + | By default, the JSESSIONID cookie uses the full host name for the cookie domain. So requests to www.foo.com will not share cookies (and thus sessions) with secure.foo.com. |
=== cookie-domain === | === cookie-domain === | ||
− | If all your host names end with "foo.com", then simply set "domain-cookie" to share cookies between | + | If all your host names end with "foo.com", then simply set "domain-cookie" to share cookies between hosts: |
<session-config> | <session-config> | ||
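Review bot: the revised sentence in the cookie-domain section still tells the reader to set "domain-cookie", while the section heading names the setting cookie-domain. Use the heading's spelling in the sentence so the instruction matches the element a reader has to type.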
Line 19: | Line 19: | ||
=== cookie-domain-regexp === | === cookie-domain-regexp === | ||
− | If you have more than one domain using the same web application | + | If you have more than one domain using the same web application, you can use the cookie-domain-regexp parameter. |
cookie-domain-regexp accepts a regular expression used to extract the domain from the requested host. Probable configuration: | cookie-domain-regexp accepts a regular expression used to extract the domain from the requested host. Probable configuration: | ||
Line 34: | Line 34: | ||
Host: foo.com = Set-Cookie domain: foo.com | Host: foo.com = Set-Cookie domain: foo.com | ||
Host: bar.com = Set-Cookie domain: bar.com | Host: bar.com = Set-Cookie domain: bar.com | ||
+ | |||
+ | This configuration belongs in the app-tier. |
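Review bot: the added closing line "This configuration belongs in the app-tier." does not say which configuration file or enclosing element in the app-tier holds the session-config block. Naming it, and stating whether it applies to both cookie-domain and cookie-domain-regexp, would let a reader apply the setting without guessing.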
Latest revision as of 00:00, 17 August 2012
Session Sharing Between Domains
Sessions are tied to the JSESSIONID cookie.
By default, the JSESSIONID cookie uses the full host name for the cookie domain. So requests to www.foo.com will not share cookies (and thus sessions) with secure.foo.com.
cookie-domain
If all your host names end with "foo.com", then simply set "cookie-domain" to share cookies between hosts:
<session-config>
  <cookie-domain>foo.com</cookie-domain>
  ...
</session-config>
cookie-domain-regexp
If you have more than one domain using the same web application, you can use the cookie-domain-regexp parameter.
cookie-domain-regexp accepts a regular expression used to extract the domain from the requested host. A likely configuration:
<session-config>
  <cookie-domain-regexp>[^.]*\.[^.]*$</cookie-domain-regexp>
  ...
</session-config>
For example, using this regexp will produce the following:
Host: xxx.yyy.zzz.foo.com = Set-Cookie domain: foo.com
Host: zzz.foo.com = Set-Cookie domain: foo.com
Host: foo.com = Set-Cookie domain: foo.com
Host: bar.com = Set-Cookie domain: bar.com
This configuration belongs in the app-tier.
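The cookie-domain-regexp pattern above can be checked against your own host names before it is deployed. The following is an added example, not part of the wiki page or of Resin: it assumes the server uses the first substring the pattern matches, and the helper names, the extra host names and the short public-suffix sample are constructed for illustration.

```python
import re

# Pattern copied from the cookie-domain-regexp configuration on this page.
PATTERN = re.compile(r"[^.]*\.[^.]*$")

# Constructed sample of multi-label public suffixes; a real check would use
# the full Public Suffix List.
SAMPLE_PUBLIC_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def cookie_domain(host):
    """Return the substring the pattern extracts from host, or None.

    Assumption: the server takes the first match found anywhere in the
    host name (search semantics), which reproduces the table on this page.
    """
    m = PATTERN.search(host.lower())
    return m.group(0) if m else None


def audit(hosts):
    """Map each host to (extracted_domain, finding) for review before rollout."""
    report = {}
    for host in hosts:
        domain = cookie_domain(host)
        if domain is None:
            finding = "no match: pattern yields no domain"
        elif domain in SAMPLE_PUBLIC_SUFFIXES:
            finding = "public suffix: too broad for a cookie domain"
        elif domain.replace(".", "").isdigit():
            finding = "IP address fragment: not a valid cookie domain"
        else:
            finding = "ok"
        report[host] = (domain, finding)
    return report


# Constructed host names: the four from the page plus three edge cases.
HOSTS = ["xxx.yyy.zzz.foo.com", "zzz.foo.com", "foo.com", "bar.com",
         "www.example.co.uk", "192.168.1.10", "localhost"]

if __name__ == "__main__":
    for host, (domain, finding) in audit(HOSTS).items():
        print(f"{host:22} -> {domain!s:10} {finding}")
```

Any host that is not reported as "ok" needs either a tighter pattern or an explicit cookie-domain value, since the two-label pattern only suits registrable domains of the form name.tld.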