users@glassfish.java.net

Re: Custom cookiepath for session

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Wed, 18 Mar 2009 09:57:53 -0700

On 03/18/09 02:00 AM, glassfish_at_javadesktop.org wrote:
> We have a single glassfish webapp that is used to render multiple "user defined" web applications in the form:
>
> www.ourserver.com/app1
> www.ourserver.com/app2
> www.ourserver.com/app3
>
> The users can choose their subdirectory, and then build their website using our administration console.
>
> We would like to stop sharing sessions between applications. The default cookie-path is / and we have been looking at ways to override this without success so far.
>
> One idea is to use a global filter to wrap the httpservletresponse and alter the cookiepath, but it seems a bit ugly to do this.
> Any better ideas?
>

GlassFish versions prior to the upcoming GlassFish v3 allow
you to configure the following session tracking cookie properties
in sun-web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<sun-web-app>
  <session-config>
    <cookie-properties>
      <property name="cookiePath" value="xxx" />
      <property name="cookieDomain" value="xxx" />
      <property name="cookieComment" value="xxx" />
      <property name="cookieSecure" value="[true|false]" />
    </cookie-properties>
  </session-config>
</sun-web-app>

The Servlet 3.0 spec, which GlassFish v3 will implement, is adding standard
support for session tracking cookie configuration: declaratively in web.xml,
as well as programmatically via javax.servlet.SessionCookieConfig.
This functionality is already available "for preview" in recent GlassFish v3
nightly/promoted builds.

Thanks,

Jan

> [Message sent by forum member 'profiler' (profiler)]
>
> http://forums.java.net/jive/thread.jspa?messageID=337600
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>