tomcat 二��域名 �׃�nsession �Ҏ��

world_eyes — Fri, 04 Jun 2010 09:17:00 GMT

Tomcat下，不同的二�U�域名，Session默认是不�׃�n的，因�ؓCookie名称为JSESSIONID的Cookie根域是默认是没设�|�的�Q�访�? 不同的二�U�域名，其Cookie��重新生成，而session��是�Ҏ��q�个Cookie来生成的�Q�所以在不同的二�U�域名下生成的Session也不一栗��? 扑ֈ�了其原因�Q�就可根据这个原因对Tomcat在生成Session时进行相应的修改(注：本文针对Tomcat 6.0)�?

单个web��目�q�行在tomcat上但是却使用多个子域名，如：

- site.com
- www.site.com
- sub1.site.com
- sub2.site.com
- etc.

�q�样会导致session的不能共享，在网�l�上查找的�ƈ却最快的解决办法�?/p>

解决办法�Q?/p>

Usage:
- compile CrossSubdomainSessionValve & put it in a .jar file
- put that .jar file in $CATALINA_HOME/lib directory
- include a className="org.three3s.valves.CrossSubdomainSessionValve"/> in
$CATALINA_HOME/conf/server.xml

package org.three3s.valves;

import java.io.*;

import javax.servlet.*;
import javax.servlet.http.*;

import org.apache.catalina.*;
import org.apache.catalina.connector.*;
import org.apache.catalina.valves.*;
import org.apache.tomcat.util.buf.*;
import org.apache.tomcat.util.http.*;

/**
*

* Replaces the domain of the session cookie generated by Tomcat with a domain
* that allows that session cookie to be shared across subdomains. This valve
* digs down into the response headers and replaces the Set-Cookie header for
* the session cookie, instead of futilely trying to modify an existing Cookie
* object like the example at http://www.esus.be/blog/?p=3. That approach does
* not work (at least as of Tomcat 6.0.14) because the
* org.apache.catalina.connector.Response.addCookieInternal method
* renders the cookie into the Set-Cookie response header immediately, making
* any subsequent modifying calls on the Cookie object ultimately pointless.
*

*
*

* This results in a single, cross-subdomain session cookie on the client that
* allows the session to be shared across all subdomains. However, see the
* {@link getCookieDomain(Request)} method for limits on the subdomains.
*

*
*

* Note though, that this approach will fail if the response has already been
* committed. Thus, this valve forces Tomcat to generate the session cookie and
* then replaces it before invoking the next valve in the chain. Hopefully this
* is early enough in the valve-processing chain that the response will not have
* already been committed. You are advised to define this valve as early as
* possible in server.xml to ensure that the response has not already been
* committed when this valve is invoked.
*

*
*

* We recommend that you define this valve in server.xml immediately after the
* Catalina Engine as follows:
*
*



 * <Engine name="Catalina">

 *     <Valve

 * className="org.three3s.valves.CrossSubdomainSessionValve"/>

 *

*
*

*/
public class CrossSubdomainSessionValve extends ValveBase {
    public CrossSubdomainSessionValve() {
        super();
        info = "org.three3s.valves.CrossSubdomainSessionValve/1.0";
    }

    @Override
    public void invoke(Request request, Response response) throws IOException, ServletException {
        // this will cause Request.doGetSession to create the session cookie if
        // necessary
        request.getSession(true);

        // replace any Tomcat-generated session cookies with our own
        Cookie[] cookies = response.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                Cookie cookie = cookies[i];
                // System.out.println("CrossSubdomainSessionValve: Cookie name is "
                // + cookie.getName());
                if (Globals.SESSION_COOKIE_NAME.equals(cookie.getName())) replaceCookie(request, response, cookie);
            }
        }

        // process the next valve
        getNext().invoke(request, response);
    }

    /**
     * Replaces the value of the response header used to set the specified
     * cookie to a value with the cookie's domain set to the value returned by
     * getCookieDomain(request)
     *
     * @param request
     * @param response
     * @param cookie
     *            cookie to be replaced.
     */
    protected void replaceCookie(Request request, Response response, Cookie cookie) {
        // copy the existing session cookie, but use a different domain
        Cookie newCookie = new Cookie(cookie.getName(), cookie.getValue());
        // System.out.println("CrossSubdomainSessionValve: CookiePath is " +
        // cookie.getPath());
        if (cookie.getPath() != null) newCookie.setPath(cookie.getPath());
        String domain = getCookieDomain(request);
        if (!".piaoyoo.com".equals(domain)) domain = request.getServerName();
        // System.out.println("CrossSubdomainSessionValve: CookieDomain is " +
        // domain);
        newCookie.setDomain(domain);
        newCookie.setMaxAge(cookie.getMaxAge());
        newCookie.setVersion(cookie.getVersion());
        // System.out.println("CrossSubdomainSessionValve: CookieComment is " +
        // cookie.getComment());
        if (cookie.getComment() != null) newCookie.setComment(cookie.getComment());
        newCookie.setSecure(cookie.getSecure());

        // if the response has already been committed, our replacement strategy
        // will have no effect
        if (response.isCommitted()) System.out.println("Error CrossSubdomainSessionValve: response was already committed!");

        // find the Set-Cookie header for the existing cookie and replace its
        // value with new cookie
        MimeHeaders headers = response.getCoyoteResponse().getMimeHeaders();
        for (int i = 0, size = headers.size(); i < size; i++) {
            if (headers.getName(i).equals("Set-Cookie")) {
                MessageBytes value = headers.getValue(i);
                if (value.indexOf(cookie.getName()) >= 0) {
                    StringBuffer buffer = new StringBuffer();
                    ServerCookie.appendCookieValue(buffer, newCookie.getVersion(), newCookie.getName(), newCookie.getValue(),
                            newCookie.getPath(), newCookie.getDomain(), newCookie.getComment(), newCookie.getMaxAge(), newCookie
                                    .getSecure());
                    // System.out.println("CrossSubdomainSessionValve: old Set-Cookie value: "
                    // + value.toString());
                    // System.out.println("CrossSubdomainSessionValve: new Set-Cookie value: "
                    // + buffer);
                    // System.out.println("-----------------------------");
                    value.setString(buffer.toString());
                }
            }
        }
    }

    /**
     * Returns the last two parts of the specified request's server name
     * preceded by a dot. Using this as the session cookie's domain allows the
     * session to be shared across subdomains. Note that this implies the
     * session can only be used with domains consisting of two or three parts,
     * according to the domain-matching rules specified in RFC 2109 and RFC
     * 2965.
     *
     *

* Examples:
*

foo.com => .foo.com

www.foo.com => .foo.com

bar.foo.com => .foo.com

abc.bar.foo.com => .foo.com - this means cookie won't work on
* abc.bar.foo.com!

     *
     * @param request
     *            provides the server name used to create cookie domain.
     * @return the last two parts of the specified request's server name
     *         preceded by a dot.
     */
    protected String getCookieDomain(Request request) {
        String cookieDomain = request.getServerName();
        String[] parts = cookieDomain.split("\\.");
        if (parts.length >= 2) cookieDomain = parts[parts.length - 2] + "." + parts[parts.length - 1];
        return "." + cookieDomain;
    }

    public String toString() {
        return ("CrossSubdomainSessionValve[container=" + container.getName() + ']');
    }
}

world_eyes 2010-06-04 17:17 发表评论

91麻豆精品国产91久久久久推荐资源,欧美亚洲国产激情,gogogo影视剧免费观看在线观看

tomcat 二��域名 �׃�nsession �Ҏ��