CODEWITHSUNDEEP
springtomcatspring-session
prptn
prptn

Reputation: 299

Configure Cookie Domain in spring session

So I already success implement SSO using spring session and redis on development localhost domain. But when I deploy to server using two sub domain.

login.example.com

apps.example.com

They always create new session Id on each sub domain. I already try to configure using Context in tomcat configuration.

<Context sessionCookieDomain=".example.com" sessionCookiePath="/">

But no luck.

Upvotes: 0

Views: 5046

Answers (2)

prptn
prptn

Reputation: 299

Finally I succeeded to setdomain on application level.

You're right, I hope in the future they implement the feature to set domain.

For now I create CustomCookieHttpSessionStrategy for my own implmentation.

private Cookie createSessionCookie(HttpServletRequest request,
        Map<String, String> sessionIds) {
...
      sessionCookie.setDomain(".example.com");
      // TODO set domain?
...
}

And then register bean as HttpSessionStrategy.

Upvotes: 0

tsachev
tsachev

Reputation: 1161

Spring session moves the session management on application level, so no surprise that trying to configure the container (in your case tomcat) has no effect. Currently there is a TODO in spring-session code to allow setting the domain, but is not implemented.

Maybe it is best to open an issue to allow setting the domain or comment/vote on https://github.com/spring-projects/spring-session/issues/112.

Meanwhile a workaround would be to go with your own implementation of MultiHttpSessionStrategy based on CookieHttpSessionStrategy.

Upvotes: 0

Related Questions