Use sessionCookieDomain in META-INF/context.xml only when deployed to production

Question

I have an Enterprise Java application with Spring Security on AWS, configured to use myapp.com and www.myapp.com. The problem is that both of these maintain a separate session (requiring login on one even if you're logged in on the other), which I want to solve.

This answer mentions that you can achieve this by setting sessionCookieDomain in META-INF/context.xml to the root domain -

<Context sessionCookiePath="/" sessionCookieDomain=".myapp.com" />

However, this does not allow me to run the web app locally. I have to either remove or replace it with -

<Context sessionCookiePath="/myapp" sessionCookieDomain="localhost" />

I'm fine with not having to specify it for running it locally. So, is there a way to use that <Context> parameter only when the web application is deployed to production?

If not, is it possible to either dynamically modify them based on the environment (local or production), or specify them both without conflict? Currently, Eclipse won't allow me to specify both.

Answer 1

Did you try to map the "local.myapp.com" domain to your local IP?
And you may use the same sessionCookieDomain=".myapp.com" configurations.

And I just tried that sessionCookieDomain="myapp.com" seems to be working.

Answer 2

This kind of configuration is specific to the server, where the application is deployed, so it shouldn't be distributed in META-INF/context.xml. A more proper location would be:

• a $CATALINA_BASE/conf/[enginename]/[hostname]/context.xml.default, where [enginename] is usually Catalina, while [hostname] is the configured name of the <Host>,
• or $CATALINA_BASE/conf/context.xml if this concerns all <Host> elements.

See also:

• Tomcat's documentation