GlassFish v3 JSESSIONID 多个子域和 TLD
我们正在构建一个 Web 应用程序来为多个区域网站 TLD 提供服务。此外,Web应用程序还支持数千个动态子域。示例包括:
www.example.com
www.example.co.uk
www.example.com.ar
fred123.example.co.uk <== Thousands of this form
fred123.p.example.us <== Thousands of this form
虽然我们可以理解不同的域 TLD 会导致新的会话,但上面的后 2 个示例开始出现问题,这也会导致新的会话实例。例如,如果用户:
- 转到:www.example.co.uk 将创建一个新会话,然后...
- 单击链接:fred123.example.co.uk 将创建一个新会话,然后...
- 单击链接:sam99.example.co.uk 创建一个新会话...
3次点击==>> 3节课!!!
该问题似乎是由于 GlassFish v3 自动将 JSESSIONID 的域设为主机请求的 FQDN。
需要的是,主机名部分至少要从域值中剥离,以获得如下域值:
.example.com
.example.co.uk
.example.com.ar
.example.co.uk <== Thousands of this form
.p.example.us <== Thousands of this form
有谁知道如何实现这一点。我发现了以下问答,但在我们的例子中,子域 TLD 并不全部匹配:
因此,静态配置 sun-web.xml 或使用 Servlet 3.0 解决方案的解决方案似乎没有帮助。此外,创建过滤器响应包装器也不起作用,因为 JSESSIONID cookie 是在应用程序服务器的较低级别中分配的,并且不会暴露给 Web 应用程序进行拦截。
我认为我唯一的另外两个选择是:
a) 修补将 JSESSIONID cookie 域值设置为 FQDN 的 GlassFish v3 代码,以便发生一些剥离,或者
b) 在 Sun Web Server 7.0 反向代理层中执行一些我们必须重新执行的操作-写入 set-cookie 标头中返回的 JSESSIONID cookie 域值,但是我无法找到有关如何执行此操作的示例
有人可以帮助解决此问题吗?任何线索/帮助将非常感激!
We have one web application that is being built to serve multiple regional web site TLDs. In addition, the web application also supports thousands of dynamic subdomains. Examples include:
www.example.com
www.example.co.uk
www.example.com.ar
fred123.example.co.uk <== Thousands of this form
fred123.p.example.us <== Thousands of this form
While we can understand that different domain TLDs result in new sessions a problem starts to appear with the latter 2 examples above which also result in new session instances. For example if a user:
- Goes to: www.example.co.uk a new session is created and then...
- Clicks on a link: fred123.example.co.uk a new session is created and then...
- Clicks on a link: sam99.example.co.uk a new session is created...
3 clicks ==>> 3 sessions!!!!
The problem appears to be due to the fact that GlassFish v3 automatically makes the domain of the JSESSIONID to be the FQDN of the host request.
What is required is that the host name part be stripped off the domain value at the very least to have domains values like:
.example.com
.example.co.uk
.example.com.ar
.example.co.uk <== Thousands of this form
.p.example.us <== Thousands of this form
Does anyone know how this can be achieved. I have found the following Q&A however in our case the subdomain TLDs do not all match:
An issue dealing with JSP Session
Ergo the solution of statically configuring the sun-web.xml OR using a Servlet 3.0 solution does not appear to help. Also creating a filter response wrapper does not work either as the JSESSIONID cookie is assigned in the lower levels of the Application server and is not exposed to the Web App to intercept.
The only other two options I think I have are:
a) Patch the GlassFish v3 code that sets JSESSIONID cookie domain value to FQDN so that some stripping occurs OR
b) Doing something in the Sun Web Server 7.0 reverse proxy layer that we have to re-write the JSESSIONID cookie domain value returned in the set-cookie header however I have not been able to find examples on how to do this
Can anyone help resolve this issue? Any clues / help will be very much appreciated!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
使用 Apache 和 mod_headers 重写 cookie?
使用 Tomcat 允许子域会话 cookie 的最佳方式
Using Apache and mod_headers to rewrite the cookies?
Best way for allowing subdomain session cookies using Tomcat