We have one web application that is being built to serve multiple regional web site TLDs. In addition, the web application also supports thousands of dynamic subdomains. Examples include:

www.example.com
www.example.co.uk
www.example.com.ar
fred123.example.co.uk  <== Thousands of this form
fred123.p.example.us   <== Thousands of this form

While we can understand that different domain TLDs result in new sessions, a problem starts to appear with the latter 2 examples above, which also result in new session instances. For example, if a user:

  1. Goes to: www.example.co.uk a new session is created and then...
  2. Clicks on a link: fred123.example.co.uk a new session is created and then...
  3. Clicks on a link: sam99.example.co.uk a new session is created...

3 clicks ==>> 3 sessions!!!!

The problem appears to be due to the fact that GlassFish v3 automatically makes the domain of the JSESSIONID to be the FQDN of the host request.

What is required is that the host name part be stripped off the domain value, at the very least, to have domain values like:

.example.com
.example.co.uk
.example.com.ar
.example.co.uk  <== Thousands of this form
.p.example.us   <== Thousands of this form

Does anyone know how this can be achieved? I have found the following Q&A; however, in our case the subdomain TLDs do not all match:

http://stackoverflow.com/questions/1303193/an-issue-dealing-with-jsp-session

Ergo the solution of statically configuring the sun-web.xml OR using a Servlet 3.0 solution does not appear to help. Also, creating a filter response wrapper does not work either, as the JSESSIONID cookie is assigned in the lower levels of the application server and is not exposed to the web app to intercept.

The only other two options I think I have are:

a) Patch the GlassFish v3 code that sets JSESSIONID cookie domain value to FQDN so that some stripping occurs OR

b) Doing something in the Sun Web Server 7.0 reverse proxy layer that we have, to re-write the JSESSIONID cookie domain value returned in the set-cookie header; however, I have not been able to find examples of how to do this

Can anyone help resolve this issue? Any clues / help will be very much appreciated!

A: 

Using Apache and mod_headers to rewrite the cookies? http://stackoverflow.com/questions/82645/best-way-for-allowing-subdomain-session-cookies-using-tomcat

mhaller
Sorry - I should have pointed out that we are using Oracle / Sun Web Server 7.0 for the RP layer (I mentioned it in passing at the end of the post but should have been clearer). Our architecture is all Oracle / Sun... and as such adding Apache into the Architecture just to support this aspect will unfortunately not do. Apologies I wasn't clearer in stating that in the original post. Sorry.
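
The Set-Cookie rewrite from option (b) in the question, sketched as an added example (not code from the question, GlassFish or Sun Web Server). It assumes an operator-maintained list of parent domains built from the question's examples; the function names are hypothetical.

```python
import ipaddress

# Assumption: parent domains the operator controls, taken from the question's examples.
ALLOWED_PARENTS = ("example.com", "example.co.uk", "example.com.ar", "p.example.us")


def cookie_domain_for(host):
    """Return the Domain value for a request Host, or None to keep the cookie host-only."""
    name = host.strip().lower().rstrip(".")
    if name.startswith("["):              # bracketed IPv6 literal
        return None
    name = name.rsplit(":", 1)[0]         # drop an optional :port
    try:
        ipaddress.ip_address(name)
        return None                       # a cookie cannot be domain-scoped to an IP
    except ValueError:
        pass
    # Longest parent first, so fred123.p.example.us maps to p.example.us.
    for parent in sorted(ALLOWED_PARENTS, key=len, reverse=True):
        if name == parent or name.endswith("." + parent):
            return "." + parent
    return None                           # unknown or spoofed Host: do not widen


def rewrite_set_cookie(value, host, cookie_name="JSESSIONID"):
    """Rewrite one Set-Cookie header value; other cookies pass through untouched."""
    parts = [p.strip() for p in value.split(";")]
    if not parts[0].startswith(cookie_name + "="):
        return value
    domain = cookie_domain_for(host)
    if domain is None:
        return value
    # Drop any Domain attribute the app server emitted, then add the parent domain.
    kept = [p for p in parts[1:] if p and not p.lower().startswith("domain=")]
    return "; ".join([parts[0], "Domain=" + domain] + kept)


if __name__ == "__main__":
    # Constructed sample header, not captured from a real server.
    print(rewrite_set_cookie("JSESSIONID=abc123; Path=/; HttpOnly",
                             "fred123.example.co.uk"))
```

Matching against a fixed list, rather than stripping the first label of whatever Host header arrives, keeps a spoofed Host from choosing the cookie scope and never yields a bare public suffix such as `.co.uk`. A parent-domain cookie is sent to every subdomain under that parent, so the existing `HttpOnly` and `Secure` attributes are preserved as-is.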
