I'm having an inconvenience dealing with sessions..

I have this:

www.mydomain.com
sub1.mydomain.com
sub2.mydomain.com
sub3.mydomain.com

and when I log into "www", then change to "sub2" (for example), I find out it creates another session :S why is that??

I need the same session for www, sub1, sub2, sub3, and so on.. ALL in "mydomain.com"..

what can I do?? is it like that and I have to make a trick?? or is there a "legal" solution for what I want??

+1  A: 

Yes, it is like that because you will have a separate session cookie for every different domain. Which web server do you use? You may implement an SSO-related solution to share data across the domains.

jatanp
I use GlassFish... and SSO, not at all, because everything is the same application.. within the same webserver, even the same context path.... and yes, I made the jsp print the sessionId and it is the same "index.jsp" but with different subdomains (just names, because everything addresses the same IP) and it displays different IDs....
Juan Diego
+3  A: 

The JSESSIONID cookie is issued by the container, and the cookie domain and path are always those of the web application's domain and context root.

It appears as if you have multiple applications in which case, the JSESSIONID issued by one application will not be recognized by another, due to a change in either the domain or the context root, even if the applications are in the same container.

There are multiple ways to deal with this:

  • If you are not dealing with a high-value application, and if you can guarantee that no 'rogue' applications will be deployed on the server, you can configure the server to share sessions across applications. WebLogic Server can be configured to do this.
  • Use a central authentication and session management provider - SSO.
  • Use TLS/SSL - most servers do not issue a JSESSIONID cookie when communication is over SSL, and instead use SSL itself to store state. You will have mixed results here.

Update:

GlassFish v3 allows you to set the domain for the session cookie. This is done via the session-config element in sun-web.xml. I'm not sure if this is available in v2 or lower versions of GlassFish.

Vineet Reynolds
well, everything is just one application, it is just that I am using subdomains for the user to "skip" select one city.. it's like:
www.mywebsite.com // which this would be the general site..
chicago.mywebsite.com // which it's Chicago the selected city..
miami.mywebsite.com // which it's Miami the selected city..
At the "www" the users are able to select the city and they are redirected to that subdomain.. but inside I just evaluate the subdomain, and I do "the same" thing as if there would be a combo box for selecting the current city..
Is that a bad practice??
Juan Diego
I don't think this is a bad practice; that is purely a subjective topic. You could take a look at the updated answer.
Vineet Reynolds
Very well thank you.. I did it, in the session-config of the sun-web.xml, <property name="cookieDomain" value="mydomain.com"/>.. I tried with both GlassFish v3 and v2 and it works perfectly.. Again.. Thank you...
Juan Diego
You're welcome :)
Vineet Reynolds
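
Added example (not part of the original thread): a simplified model of RFC 6265 cookie scoping that shows why the default JSESSIONID is returned only to the host that set it, and which hosts receive it once cookieDomain is set to mydomain.com. The function names are hypothetical, the host list and cookie value are constructed, and the public-suffix check that real browsers also apply is omitted. A domain-wide session cookie reaches every host under mydomain.com, so each of those hosts has to be trusted as much as the main application.

```javascript
// Added example: simplified RFC 6265 cookie scoping (domain-match, section 5.1.3).
// Host names are the placeholders from the question plus constructed look-alikes.

// Canonicalize: lower-case and drop one leading dot from a Domain attribute.
function canon(name) {
  return name.toLowerCase().replace(/^\./, "");
}

// A host matches a domain if both are identical, or if the host ends with
// "." + domain and the host is not an IP address.
function domainMatch(host, domain) {
  host = canon(host);
  domain = canon(domain);
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Model what the browser stores when `originHost` sets a cookie.
// domainAttr === undefined models the container default (no Domain attribute).
function storeCookie(originHost, name, value, domainAttr) {
  if (domainAttr === undefined) {
    return { name, value, domain: canon(originHost), hostOnly: true };
  }
  // A server may only set a Domain that covers its own host.
  if (!domainMatch(originHost, domainAttr)) return null; // cookie rejected
  return { name, value, domain: canon(domainAttr), hostOnly: false };
}

// Would the browser attach this cookie to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  return cookie.hostOnly
    ? canon(requestHost) === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// List the hosts from `hosts` that would receive the cookie.
function scopeReport(cookie, hosts) {
  return hosts.filter((h) => isSentTo(cookie, h));
}

const hosts = ["www.mydomain.com", "sub1.mydomain.com", "sub2.mydomain.com",
               "mydomain.com", "notmydomain.com", "mydomain.com.example"];
const hostOnly = storeCookie("www.mydomain.com", "JSESSIONID", "constructed-id");
const domainWide = storeCookie("www.mydomain.com", "JSESSIONID", "constructed-id", "mydomain.com");
console.log("default cookie sent to:", scopeReport(hostOnly, hosts));
console.log("cookieDomain sent to  :", scopeReport(domainWide, hosts));
```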