Reputation: 863
An issue dealing with JSP Session
I'm having an inconvenient dealing with sessions..
I have this:
www.mydomain.com
sub1.mydomain.com
sub2.mydomain.com
sub3.mydomain.com
and when I log into "www", then I change to "sub2" (for example) I figure out it creates another session :S why is that??
I need the same session for www, sub1, sub2, sub3, and so on.. ALL in "mydomain.com"..
what can I do?? is it like that and I have to make a trick?? or is there a "legal" solution for what I want??
Upvotes: 1
Views: 970
Answers (3)
Reputation: 1813
Look at this tutorial: http://javadude.wordpress.com/2011/05/12/glassfish-3-1-%e2%80%93-clustering-tutorial-part2-sessions/ I summarized all steps for Glassfish 3.1 and session replication
Upvotes: 0
Reputation: 76719
The JSESSIONID cookie is issued by the container, and the cookie domain and path is always that of the web application's domain and context root.
It appears as if you have multiple applications in which case, the JSESSIONID issued by one application will not be recognized by another, due to a change in either the domain or the context root, even if the applications are in the same container.
There are multiple ways to deal with this:
- If you are not dealing with a high-value application, and if you can guarantee that no 'rogue' applications will be deployed on the server, you can configure the server to share sessions across applications. Weblogic Server can be configured to do this.
- Use a central authentication and session management provider - SSO.
- Use TLS/SSL - most servers do not issue a JSESSIONID cookie when communication is over SSL, and instead use SSL itself to store state. You will have mixed results here.
Update:
Glassfish v3 allows you to set the domain for the session cookie. This is done via the session-config element in sun-web.xml. I'm not sure if this is available in v2 or lower versions of Glassfish.
Upvotes: 3
Reputation: 4102
Yes, it is like that because you will have separate session cookie for every different domain. Which web server do you use ? You may implement SSO related solution to share data across the domains.
Upvotes: 1
Related Questions
- How to fix Session fixation issue in Web Application
- JSP session not using servlets
- Something wrong with servlet session invalidation with JSP
- Sessions in Java Servlets
- Setting session in JSP and getting session in servlet
- JSP session problem
- Session Problem in JSP
- Sessions in JSP
- Session in java servlet
- Session Problem