This discussion is archived
4 Replies Latest reply: Jun 6, 2013 12:17 AM by dominic lovell RSS

JSESSIONID across subdomains

dominic lovell Newbie
Currently Being Moderated
I'm trying to have my JSESSIONID at ".mysite.com" so it can be shared across subdomains.

I have a 4.2.2 GA JBOSS instance doing this with this method: http://shchekoldin.com/2010/05/27/sharing-jsessionid-across-subdomains/ (which is from here: https://jira.jboss.org/browse/JBWEB-107) using the custom valve approach. ATG 9.

However on the EAP 5.1 version (I've compiled against JDK 1.6) the same custom valve doesn't kick in. I added some debugging but it never gets called. ATG 10.

Also, I tried turning on the SSO option in server.xml (as per https://community.jboss.org/wiki/JBossWebSingleSignOn) through the non-clustered method, but this plays no impact on it either.

Does anyone know how I can the JSESSIONID cookie to sit across subdomains on JBOSS 5?

(Side note, if I have "foo.bar.mysite.com" will this ".mysite.com" domain stored against the cookie work for multiple sub domains - this is for testing, in prod we just have the one level).

Disclaimer - I've asked the same question on SO (but didn't mention it was using ATG): http://stackoverflow.com/questions/13303660/jsessionid-across-subdomains
  • 1. Re: JSESSIONID across subdomains
    Nitin Khare Expert
    Currently Being Moderated
    If you are trying to do it for session sharing across domains then you can probably also refer to something ATG offers for enabling session sharing across domains for multisite. Take a look at this in the ATG Platform Programming Guide and see if it helps:

    http://docs.oracle.com/cd/E35318_02/Platform.10-1-1/ATGPlatformProgGuide/html/s0906sharingasessionacrossmultipledom01.html
  • 2. Re: JSESSIONID across subdomains
    dominic lovell Newbie
    Currently Being Moderated
    I found what I needed:

    You add <SessionCookie domain="example.com"/> under <Context> in the WEB-INF/context.xml of your application.

    Edited by: dominiclovell on Nov 12, 2012 5:37 AM
  • 3. Re: JSESSIONID across subdomains
    998820 Newbie
    Currently Being Moderated
    Hi dominiclovell,

    I am trying to set my application's JSESSIONID to a custom name instead the default host name. I have configured /WEB-INF/context.xml as you have mentioned. for ex .
    <SessionCookie domain="example.com"/>
    But whenever I am hitting my application with localhost or 127.0.0.1 or another domain name (mytestapp.com) the JSESSIONID is created with the domain of the URL and not based on the value which I set in SessionCookie (example.com). Do I need to configure any other xml files in jboss.
  • 4. Re: JSESSIONID across subdomains
    dominic lovell Newbie
    Currently Being Moderated
    If not 100% sure on what you're trying to achieve, but if you configure JBoss to send a different host in the cookie, and request the same application via a different domain, your browser won't store the cookie for that session, as it sees it as a different domain and ignore it for that response.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points