Application Server: Session Sharing

From Resin 4.0 Wiki

(Difference between revisions)
Jump to: navigation, search
(Created page with "Category:Resin: Application Server: Configuration link=Category:Resin: Application Server: Configuration == Session Sharing Between Domains == Ses...")
 
 
Line 6: Line 6:
 
Sessions are tied to the JSESSIONID cookie.   
 
Sessions are tied to the JSESSIONID cookie.   
  
By default, the JSESSIONID cookie uses the full host name for the cookie session.  So requests to www.foo.com will not share cookies, and thus session, with secure.foo.com.
+
By default, the JSESSIONID cookie uses the full host name for the cookie domain.  So requests to www.foo.com will not share cookies (and thus sessions) with secure.foo.com.
  
 
=== cookie-domain ===
 
=== cookie-domain ===
  
If all your host names end with "foo.com", then simply set "domain-cookie" to share cookies between domains:
+
If all your host names end with "foo.com", then simply set "domain-cookie" to share cookies between hosts:
  
<code>
+
<session-config>
<session-config>
+
  <cookie-domain>foo.com</cookie-domain>
  <cookie-domain>foo.com</cookie-domain>
+
  ...
  ...
+
</session-config>
</session-config>
+
</code>
+
  
 
=== cookie-domain-regexp ===
 
=== cookie-domain-regexp ===
  
If you have more than one domain using the same web application, or need more control, you can use the cookie-domain-regexp parameter.  
+
If you have more than one domain using the same web application, you can use the cookie-domain-regexp parameter.  
  
 
cookie-domain-regexp accepts a regular expression used to extract the domain from the requested host. Probable configuration:
 
cookie-domain-regexp accepts a regular expression used to extract the domain from the requested host. Probable configuration:
  
<code>
+
<session-config>
  <session-config>
+
 
     <cookie-domain-regexp>[^.]*\.[^.]*$</cookie-domain-regexp>
 
     <cookie-domain-regexp>[^.]*\.[^.]*$</cookie-domain-regexp>
 
     ...
 
     ...
 
   </session-config>
 
   </session-config>
</code>
 
  
 
For example, using this regexp will produce the following:
 
For example, using this regexp will produce the following:
  
Host: xxx.yyy.zzz.foo.com =  Set-Cookie domain: foo.com
+
Host: xxx.yyy.zzz.foo.com =  Set-Cookie domain: foo.com
Host: zzz.foo.com =  Set-Cookie domain: foo.com
+
Host: zzz.foo.com =  Set-Cookie domain: foo.com
Host: foo.com =  Set-Cookie domain: foo.com
+
Host: foo.com =  Set-Cookie domain: foo.com
Host: bar.com =  Set-Cookie domain: bar.com
+
Host: bar.com =  Set-Cookie domain: bar.com
 +
 
 +
This configuration belongs in the app-tier.

Latest revision as of 00:00, 17 August 2012

Gears-48.png

Session Sharing Between Domains

Sessions are tied to the JSESSIONID cookie.

By default, the JSESSIONID cookie uses the full host name for the cookie domain. So requests to www.foo.com will not share cookies (and thus sessions) with secure.foo.com.

cookie-domain

If all your host names end with "foo.com", then simply set "domain-cookie" to share cookies between hosts:

<session-config>
  <cookie-domain>foo.com</cookie-domain>
  ...
</session-config>

cookie-domain-regexp

If you have more than one domain using the same web application, you can use the cookie-domain-regexp parameter.

cookie-domain-regexp accepts a regular expression used to extract the domain from the requested host. Probable configuration:

<session-config>
   <cookie-domain-regexp>[^.]*\.[^.]*$</cookie-domain-regexp>
   ...
 </session-config>

For example, using this regexp will produce the following:

Host: xxx.yyy.zzz.foo.com =  Set-Cookie domain: foo.com
Host: zzz.foo.com =  Set-Cookie domain: foo.com
Host: foo.com =  Set-Cookie domain: foo.com
Host: bar.com =  Set-Cookie domain: bar.com

This configuration belongs in the app-tier.

Personal tools
TOOLBOX
LANGUAGES