使用 Tomcat 允许子域会话 cookie 的最佳方法 [英] Best way for allowing subdomain session cookies using Tomcat
问题描述
默认情况下,tomcat 会为当前域创建一个会话 cookie.
By default tomcat will create a session cookie for the current domain.
如果您在 www.example.com 上,则将为 www.example.com 创建您的 cookie(仅适用于 www.example.com).而对于 example.com,它将为 .example.com 创建(期望的行为,适用于 example.com 的任何子域以及 example.com 本身).
If you are on www.example.com, your cookie will be created for www.example.com (will only work on www.example.com). Whereas for example.com it will be created for .example.com (desired behaviour, will work on any subdomain of example.com as well as example.com itself).
我见过一些 Tomcat 阀门,它们似乎拦截了会话 cookie 的创建并使用正确的 .example.com 域创建了一个替换 cookie,但是它们似乎都没有完美地工作,而且它们似乎都离开了现有的cookie 并创建一个新的.这意味着每个请求都会发送两个 JSESSIONID cookie.
I've seen a few Tomcat valves which seem to intercept the creation of session cookies and create a replacement cookie with the correct .example.com domain, however none of them seem to work flawlessly and they all appear to leave the existing cookie and just create a new one. This means that two JSESSIONID cookies are being sent with each request.
我想知道是否有人对这个问题有明确的解决方案.
I was wondering if anybody has a definitive solution to this problem.
推荐答案
这显然是通过 6.0.27 及以后的配置设置来支持的:
This is apparently supported via a configuration setting in 6.0.27 and onwards:
配置是通过编辑完成的META-INF/context.xml
Configuration is done by editing META-INF/context.xml
<上下文sessionCookiePath="/某事"sessionCookieDomain=".domain.tld"/>
<Context sessionCookiePath="/something" sessionCookieDomain=".domain.tld" />
https://issues.apache.org/bugzilla/show_bug.cgi?id=48379
这篇关于使用 Tomcat 允许子域会话 cookie 的最佳方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
