修改tomcat6配置，快速实现主域名、二级域名之间session共享

 项目中遇到了每个用户一个二级域名的应用，但在主域名登录后，在二级域名的session中不能获当前已登录的用户，在网上找了一种方式，由于他写的不够完善，而且在我的应用中还有错，所以我再重写一次。

 

      新建一个java项目，新建org.three3s.valves包，新建如下CrossSubdomainSessionValve类

写道

package org.three3s.valves;

import java.io.*;

import javax.servlet.*;
import javax.servlet.http.*;

import org.apache.catalina.*;
import org.apache.catalina.connector.*;
import org.apache.catalina.valves.*;
import org.apache.tomcat.util.buf.*;
import org.apache.tomcat.util.http.*;

/**
* <p>
* Replaces the domain of the session cookie generated by Tomcat with a domain
* that allows that session cookie to be shared across subdomains. This valve
* digs down into the response headers and replaces the Set-Cookie header for
* the session cookie, instead of futilely trying to modify an existing Cookie
* object like the example at http://www.esus.be/blog/?p=3. That approach does
* not work (at least as of Tomcat 6.0.14) because the
* <code>org.apache.catalina.connector.Response.addCookieInternal</code> method
* renders the cookie into the Set-Cookie response header immediately, making
* any subsequent modifying calls on the Cookie object ultimately pointless.
* </p>
*
* <p>
* This results in a single, cross-subdomain session cookie on the client that
* allows the session to be shared across all subdomains. However, see the
* {@link getCookieDomain(Request)} method for limits on the subdomains.
* </p>
*
* <p>
* Note though, that this approach will fail if the response has already been
* committed. Thus, this valve forces Tomcat to generate the session cookie and
* then replaces it before invoking the next valve in the chain. Hopefully this
* is early enough in the valve-processing chain that the response will not have
* already been committed. You are advised to define this valve as early as
* possible in server.xml to ensure that the response has not already been
* committed when this valve is invoked.
* </p>
*
* <p>
* We recommend that you define this valve in server.xml immediately after the
* Catalina Engine as follows:
*
* <pre>
* <Engine name="Catalina"...>
* <Valve className="org.three3s.valves.CrossSubdomainSessionValve"/>
* </pre>
*
* </p>
*/
public class CrossSubdomainSessionValve
extends ValveBase
{
public CrossSubdomainSessionValve()
{
super();
info = "org.three3s.valves.CrossSubdomainSessionValve/1.0";
}

@Override
public void invoke(Request request, Response response) throws
IOException, ServletException
{
//this will cause Request.doGetSession to create the session cookie if necessary
request.getSession(true);

//replace any Tomcat-generated session cookies with our own
Cookie[] cookies = response.getCookies();
if (cookies != null)
{
for (int i = 0; i < cookies.length; i++)
{
Cookie cookie = cookies[i];
if (Globals.SESSION_COOKIE_NAME.equals(cookie.getName()))
replaceCookie(request, response, cookie);
}
}

//process the next valve
getNext().invoke(request, response);
}

/**
* Replaces the value of the response header used to set the specified
* cookie to a value with the cookie's domain set to the value returned by
* <code>getCookieDomain(request)</code>
*
* @param request
* @param response
* @param cookie
* cookie to be replaced.
*/
protected void replaceCookie(Request request, Response response,
Cookie cookie)
{
//copy the existing session cookie, but use a different domain
Cookie newCookie = new Cookie(cookie.getName(), cookie.getValue());
if (cookie.getPath() != null)
newCookie.setPath(cookie.getPath());
newCookie.setDomain(getCookieDomain(request));
newCookie.setMaxAge(cookie.getMaxAge());
newCookie.setVersion(cookie.getVersion());
if (cookie.getComment() != null)
newCookie.setComment(cookie.getComment());
newCookie.setSecure(cookie.getSecure());

//if the response has already been committed, our replacementstrategy will have no effect
//if (response.isCommitted())

//find the Set-Cookie header for the existing cookie andreplace its value with new cookie
MimeHeaders headers = response.getCoyoteResponse().getMimeHeaders();
for (int i = 0, size = headers.size(); i < size; i++)
{
if (headers.getName(i).equals("Set-Cookie"))
{
MessageBytes value = headers.getValue(i);
if (value.indexOf(cookie.getName()) >= 0)
{
StringBuffer buffer = new StringBuffer();
ServerCookie.appendCookieValue(buffer,newCookie.getVersion(), newCookie
.getName(), newCookie.getValue(),newCookie.getPath(), newCookie
.getDomain(), newCookie.getComment(),newCookie.getMaxAge(), newCookie
.getSecure());
value.setString(buffer.toString());
}
}
}
}

/**
* Returns the last two parts of the specified request's server name
* preceded by a dot. Using this as the session cookie's domain allows the
* session to be shared across subdomains. Note that this implies the
* session can only be used with domains consisting of two or three parts,
* according to the domain-matching rules specified in RFC 2109 and RFC
* 2965.
*
* <p>
* Examples:
* </p>
* <ul>
* <li>foo.com => .foo.com</li>
* <li>www.foo.com => .foo.com</li>
* <li>bar.foo.com => .foo.com</li>
* <li>abc.bar.foo.com => .foo.com - this means cookie won't work on
* abc.bar.foo.com!</li>
* </ul>
*
* @param request
* provides the server name used to create cookie domain.
* @return the last two parts of the specified request's server name
* preceded by a dot.
*/
protected String getCookieDomain(Request request)
{
String cookieDomain = request.getServerName();
String[] parts = cookieDomain.split("\\.");
if (parts.length >= 2)
cookieDomain = parts[parts.length - 2] + "."
+ parts[parts.length - 1];
return "." + cookieDomain;
}

public String toString()
{
return ("CrossSubdomainSessionValve[container=" + container.getName() + ']');
}
}

 注：我删了“clin8888”的log日志记录，因为在我的应用里报错.

 

      在项目中导入$CATALINA_HOME/lib下所有的jar包，就不会报错了，然后导出一个jar文件，放入 $CATALINA_HOME/lib中，修改 $CATALINA_HOME/conf/server.xml文件，将

写道

<Valve className="org.three3s.valves.CrossSubdomainSessionValve"/>

 放入<Host>标签中，也可以放到<Engine>标签中。个人猜想：如果放入<Host>标签中应该只是当前项目的主域名和二级域名session共享，如果放到<Engine>标签中，应该是该tomcat下所有的项目都是主域名和二级域名共享(没有实验)。

 

方便对于tomcat的二级域名的使用..而导致session失效的解决方法..

需要引用的包是..

下载CrossSubdomainSessionValve包.. 把下载的包,放到$CATALINA_HOME/server/lib 里面

然后修改tomcat的配置文件: $CATALINA_HOME/conf/server.xml

在标签"Engine",中添加依家配置标签..

<Valve className="org.three3s.valves.CrossSubdomainSessionValve"/>  

类似于:

<Engine name="Catalina"...>   
       <valve className="org.three3s.valves.CrossSubdomainSessionValve"/>   

</Engine>

以下是图片显示:

 

发表

本文来自CSDN博客，转载请标明出处：http://blog.csdn.net/wqfeng520/archive/2010/11/29/6042596.aspx

http://skyluck.iteye.com/blog/747465