tomcat 二级域名共享session 方法

最新推荐文章于 2021-03-04 15:45:16 发布

iteye_14276

最新推荐文章于 2021-03-04 15:45:16 发布

阅读量175

点赞数

分类专栏：技术文章文章标签： Tomcat Apache Servlet XML Blog

本文链接：https://blog.csdn.net/iteye_14276/article/details/81881226

版权

技术文章专栏收录该内容

10 篇文章 0 订阅

订阅专栏

Tomcat下，不同的二级域名，Session默认是不共享的，因为Cookie名称为JSESSIONID的Cookie根域是默认是没设置的，访问不同的二级域名，其Cookie就重新生成，而session就是根据这个Cookie来生成的，所以在不同的二级域名下生成的Session也不一样。找到了其原因，就可根据这个原因对Tomcat在生成Session时进行相应的修改(注：本文针对Tomcat 6.0)。

单个web项目运行在tomcat上但是却使用多个子域名，如：

- site.com
- www.site.com
- sub1.site.com
- sub2.site.com
- etc.

这样会导致session的不能共享，在网络上查找的并却最快的解决办法。

解决办法：

Usage:
- compile CrossSubdomainSessionValve & put it in a .jar file
- put that .jar file in $CATALINA_HOME/lib directory
- include a <Valve className="org.three3s.valves.CrossSubdomainSessionValve"/> in
$CATALINA_HOME/conf/server.xml

代码：

package org.three3s.valves;

import java.io.*;

import javax.servlet.*;
import javax.servlet.http.*;

import org.apache.catalina.*;
import org.apache.catalina.connector.*;
import org.apache.catalina.valves.*;
import org.apache.tomcat.util.buf.*;
import org.apache.tomcat.util.http.*;

/** <p>Replaces the domain of the session cookie generated by Tomcat
with a domain that allows that
 * session cookie to be shared across subdomains.  This valve digs
down into the response headers
 * and replaces the Set-Cookie header for the session cookie, instead
of futilely trying to
 * modify an existing Cookie object like the example at
http://www.esus.be/blog/?p=3.  That
 * approach does not work (at least as of Tomcat 6.0.14) because the
 * <code>org.apache.catalina.connector.Response.addCookieInternal</code>
method renders the
 * cookie into the Set-Cookie response header immediately, making any
subsequent modifying calls
 * on the Cookie object ultimately pointless.</p>
 *
 * <p>This results in a single, cross-subdomain session cookie on the
client that allows the
 * session to be shared across all subdomains.  However, see the
{@link getCookieDomain(Request)}
 * method for limits on the subdomains.</p>
 *
 * <p>Note though, that this approach will fail if the response has
already been committed.  Thus,
 * this valve forces Tomcat to generate the session cookie and then
replaces it before invoking
 * the next valve in the chain.  Hopefully this is early enough in the
valve-processing chain
 * that the response will not have already been committed.  You are
advised to define this
 * valve as early as possible in server.xml to ensure that the
response has not already been
 * committed when this valve is invoked.</p>
 *
 * <p>We recommend that you define this valve in server.xml
immediately after the Catalina Engine
 * as follows:
 * <pre>
 * <Engine name="Catalina"...>
 *     <Valve className="org.three3s.valves.CrossSubdomainSessionValve"/>
 * </pre>
 * </p>
 */
public class CrossSubdomainSessionValve extends ValveBase
{
    public CrossSubdomainSessionValve()
    {
        super();
        info = "org.three3s.valves.CrossSubdomainSessionValve/1.0";
    }

    @Override
    public void invoke(Request request, Response response) throws
IOException, ServletException
    {
        //this will cause Request.doGetSession to create the session
cookie if necessary
        request.getSession(true);

        //replace any Tomcat-generated session cookies with our own
        Cookie[] cookies = response.getCookies();
        if (cookies != null)
        {
            for (int i = 0; i < cookies.length; i++)
            {
                Cookie cookie = cookies[i];
                containerLog.debug("CrossSubdomainSessionValve: Cookie
name is " + cookie.getName());
                if (Globals.SESSION_COOKIE_NAME.equals(cookie.getName()))
                    replaceCookie(request, response, cookie);
            }
        }

        //process the next valve
        getNext().invoke(request, response);
    }

    /** Replaces the value of the response header used to set the
specified cookie to a value
     * with the cookie's domain set to the value returned by
<code>getCookieDomain(request)</code>
     *
     * @param request
     * @param response
     * @param cookie cookie to be replaced.
     */
    @SuppressWarnings("unchecked")
    protected void replaceCookie(Request request, Response response,
Cookie cookie)
    {
        //copy the existing session cookie, but use a different domain
        Cookie newCookie = new Cookie(cookie.getName(), cookie.getValue());
        if (cookie.getPath() != null)
            newCookie.setPath(cookie.getPath());
        newCookie.setDomain(getCookieDomain(request));
        newCookie.setMaxAge(cookie.getMaxAge());
        newCookie.setVersion(cookie.getVersion());
        if (cookie.getComment() != null)
            newCookie.setComment(cookie.getComment());
        newCookie.setSecure(cookie.getSecure());

        //if the response has already been committed, our replacement
strategy will have no effect
        if (response.isCommitted())
            containerLog.error("CrossSubdomainSessionValve: response
was already committed!");

        //find the Set-Cookie header for the existing cookie and
replace its value with new cookie
        MimeHeaders headers = response.getCoyoteResponse().getMimeHeaders();
        for (int i = 0, size = headers.size(); i < size; i++)
        {
            if (headers.getName(i).equals("Set-Cookie"))
            {
                MessageBytes value = headers.getValue(i);
                if (value.indexOf(cookie.getName()) >= 0)
                {
                    StringBuffer buffer = new StringBuffer();
                    ServerCookie.appendCookieValue(buffer,
newCookie.getVersion(), newCookie
                            .getName(), newCookie.getValue(),
newCookie.getPath(), newCookie
                            .getDomain(), newCookie.getComment(),
newCookie.getMaxAge(), newCookie
                            .getSecure());
                    containerLog.debug("CrossSubdomainSessionValve:
old Set-Cookie value: "
                            + value.toString());
                    containerLog.debug("CrossSubdomainSessionValve:
new Set-Cookie value: " + buffer);
                    value.setString(buffer.toString());
                }
            }
        }
    }

    /** Returns the last two parts of the specified request's server
name preceded by a dot.
     * Using this as the session cookie's domain allows the session to
be shared across subdomains.
     * Note that this implies the session can only be used with
domains consisting of two or
     * three parts, according to the domain-matching rules specified
in RFC 2109 and RFC 2965.
     *
     * <p>Examples:</p>
     * <ul>
     * <li>foo.com => .foo.com</li>
     * <li>www.foo.com => .foo.com</li>
     * <li>bar.foo.com => .foo.com</li>
     * <li>abc.bar.foo.com => .foo.com - this means cookie won't work
on abc.bar.foo.com!</li>
     * </ul>
     *
     * @param request provides the server name used to create cookie domain.
     * @return the last two parts of the specified request's server
name preceded by a dot.
     */
    protected String getCookieDomain(Request request)
    {
        String cookieDomain = request.getServerName();
        String[] parts = cookieDomain.split("\\.");
        if (parts.length >= 2)
            cookieDomain = parts[parts.length - 2] + "." +
parts[parts.length - 1];
        return "." + cookieDomain;
    }

    public String toString()
    {
        return ("CrossSubdomainSessionValve[container=" +
container.getName() + ']');
    }
}

iteye_14276

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
0
评论
tomcat 二级域名共享session 方法

Tomcat下，不同的二级域名，Session默认是不共享的，因为Cookie名称为JSESSIONID的Cookie根域是默认是没设置的，访问不同的二级域名，其Cookie就重新生成，而session就是根据这个Cookie来生成的，所以在不同的二级域名下生成的Session也不一样。找到了其原因，就可根据这个原因对Tomcat在生成Session时进行相应的修改(注：本文针...
复制链接

扫一扫