使用Tomcat允许子域会话cookie的最佳方式 [英] Best way for allowing subdomain session cookies using Tomcat

问题描述

默认情况下，tomcat会为当前域创建会话Cookie。

如果您位于www.example.com上，则您的Cookie将被创建为www.example .com（仅适用于www.example.com）。而example.com会为.example.com创建（期望的行为，将在example.com的任何子域以及example.com本身）。

我看到一些Tomcat阀门似乎拦截了会话cookie的创建，并创建一个替换的cookie与正确的.example.com域，但没有一个似乎无瑕疵的工作，他们都似乎离开现有的cookie和只是创建一个新的。这意味着每个请求都会发送两个JSESSIONID cookie。

我想知道是否有人对这个问题有明确的解决方案。

<这显然是通过6.0.27及以后的配置设置支持的：

通过编辑
META-INF / context.xml完成​​配置。

sessionCookiePath =/ something
sessionCookieDomain =。domain.tld/>

https://issues.apache.org/bugzilla/show_bug.cgi?id=48379

By default tomcat will create a session cookie for the current domain.

If you are on www.example.com, your cookie will be created for www.example.com (will only work on www.example.com). Whereas for example.com it will be created for .example.com (desired behaviour, will work on any subdomain of example.com as well as example.com itself).

I've seen a few Tomcat valves which seem to intercept the creation of session cookies and create a replacement cookie with the correct .example.com domain, however none of them seem to work flawlessly and they all appear to leave the existing cookie and just create a new one. This means that two JSESSIONID cookies are being sent with each request.

I was wondering if anybody has a definitive solution to this problem.

解决方案

This is apparently supported via a configuration setting in 6.0.27 and onwards:

Configuration is done by editing META-INF/context.xml

<Context sessionCookiePath="/something" sessionCookieDomain=".domain.tld" />

https://issues.apache.org/bugzilla/show_bug.cgi?id=48379

这篇关于使用Tomcat允许子域会话cookie的最佳方式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！