Direct jump of multiple domain names under the same application
Objective: After a level-1 domain name is logged on, the level-2 domain name will also obtain user information.
In Tomcat, sessions are not shared by default for different second-level domain names, because the Cookie root domain with the Cookie name JSESSIONID is not set by default and different second-level domain names are accessed, the Cookie is generated again, and the session is generated based on the Cookie, so the Session generated under different second-level domain names is different.
Tomcat7 + jsp + nginx
The following is a summary after reading various materials:
> Configure nginx to map to different domain names.
Level 1 domain: http://www.testxmf.com/
> Second-level domain name: http://tool.testxmf.com, http://traffic.testxmf.com
Configure tomcat server. xml
<Engine name = "Catalina" defaultHost = "localhost">
<! -- For clustering, please take a look at documentation:
/Docs/cluster-howto.html (simple how)
/Docs/config/cluster.html (reference documentation) -->
<! --
<Cluster className = "org. apache. catalina. ha. tcp. SimpleTcpCluster"/>
-->
<! -- Use the LockOutRealm to prevent attempts to guess user passwords
Via a brute-force attack -->
<Realm className = "org. apache. catalina. realm. LockOutRealm">
<! -- This Realm uses the UserDatabase configured in the global JNDI
Resources under the key "UserDatabase". Any edits
That are saved med against this UserDatabase are immediately
Available for use by the Realm. -->
<Valve className = "org. three3s. valves. CrossSubdomainSessionValve"/>
<Realm className = "org. apache. catalina. realm. UserDatabaseRealm"
ResourceName = "UserDatabase"/>
</Realm>
<Host appBase = "webapps" autoDeploy = "true" name = "localhost" unpackWARs = "true" xmlNamespaceAware = "false" xmlValidation = "false">
<! -- SingleSignOn valve, share authentication between web applications
Documentation at:/docs/config/valve.html -->
<! --
<Valve className = "org. apache. catalina. authenticator. SingleSignOn"/>
-->
<! -- Access log processes all example.
Documentation at:/docs/config/valve.html
Note: The pattern used is equivalent to using pattern = "common" -->
<Valve className = "org. apache. catalina. valves. AccessLogValve" directory = "logs"
Prefix = "localhost_access_log." suffix = ". txt"
Pattern = "% h % l % u % t % r % s % B % T"/>
<Context path = "" docBase = "/home/wsm/website" reloadable = "true" crossContext = "true" sessionCookiePath = "/" sessionCookieDomain = ".testxmf.com"> </Context>
</Host>
</Engine>
Add CrossSubdomainSessionValve. jar to tomcat lib.
Import java. io. IOException; import java. util. logging. level; import java. util. logging. logger; import javax. servlet. servletException; import javax. servlet. http. cookie; import org. apache. catalina. globals; import org. apache. catalina. connector. request; import org. apache. catalina. connector. response; import org. apache. catalina. valves. valveBase; import org. apache. tomcat. util. buf. messageBytes; import org. apache. tom Cat. util. http. mimeHeaders; import org. apache. tomcat. util. http. serverCookie;/*** replaces the session cookie generated by the Tomcat domain and allows the session cookie to be shared across subdomains. ** Tomcat Server. xml configuration: * <Valve className = "me. seanchang. crossSubdomainSessionValve "/> */public class CrossSubdomainSessionValve extends ValveBase {private static Logger log = Logger. getLogger ("CrossSubdomainSessionValve"); public CrossSubdomainSessionValve () {super (); info = "me. seanchang. crossSubdomainSessionValve/1.0 ";} @ Overridepublic void invoke (Request request, Response response) throws IOEx Ception, ServletException {// this will cause Request. doGetSession to create the session cookie if // necessaryrequest. getSession (true); // replace any Tomcat-generated session cookies with our ownCookie [] cookies = response. getCookies (); if (cookies! = Null) {for (int I = 0; I <cookies. length; I ++) {Cookie cookie = cookies [I]; log.info ("CrossSubdomainSessionValve: Cookie name is" + cookie. getName (); if (Globals. SESSION_COOKIE_NAME.equals (cookie. getName () replaceCookie (request, response, cookie) ;}// process the next valvegetNext (). invoke (request, response);}/*** @ param request * @ param response * @ param cookie * cookie to be replaced. */pr Otected void replaceCookie (Request request, Response response, Cookie cookie) {// copy the existing session cookie, but use a different domainCookie newCookie = new Cookie (cookie. getName (), cookie. getValue (); if (cookie. getPath ()! = Null) newCookie. setPath (cookie. getPath (); newCookie. setDomain (getCookieDomain (request); newCookie. setMaxAge (cookie. getMaxAge (); newCookie. setVersion (cookie. getVersion (); if (cookie. getComment ()! = Null) newCookie. setComment (cookie. getComment (); newCookie. setSecure (cookie. getSecure (); // if the response has already been committed, our replacement strategy // will have no response tmimeheaders headers = new MimeHeaders (); if (response. isCommitted () log.info ("CrossSubdomainSessionValve: response was already committed! "); // Find the Set-Cookie header for the existing cookie and replace its // value with new cookieheaders = response. getCoyoteResponse (). getMimeHeaders (); for (int I = 0, size = headers. size (); I <size; I ++) {if (headers. getName (I ). equals ("Set-Cookie") {MessageBytes value = headers. getValue (I); if (value. indexOf (cookie. getName ()> = 0) {StringBuffer buffer = new StringBuffer (); ServerCookie. appendCookieValue (buffer, newCookie. getVersion (), newCookie. getName (), newCookie. getValue (), newCookie. getPath (), newCookie. getDomain (), newCookie. getComment (), newCookie. getMaxAge (), newCookie. getSecure (), true); log.info ("CrossSubdomainSessionValve: old Set-Cookie value:" + value. toString (); log.info ("CrossSubdomainSessionValve: new Set-Cookie value:" + buffer); value. setString (buffer. toString () ;}}}/ *** @ param request provides the server name used to create cookie domain. * @ return the last two parts of the specified request's server name preceded by a dot. */protected String getCookieDomain (Request request) {String cookieDomain = request. getServerName (); String [] parts = cookieDomain. split ("\\. "); if (parts. length> = 2) cookieDomain = parts [parts. length-2] + ". "+ parts [parts. length-1]; return ". "+ cookieDomain;} public String toString () turn (" CrossSubdomainSessionValve [container = "+ container. getName () + ']');}