Author: markt
Date: Wed Jun  9 14:30:30 2010
New Revision: 953025

URL: http://svn.apache.org/viewvc?rev=953025&view=rev
Log:
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48379
Make session cookie name, domain and path configurable per context

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Request.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
    
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=953025&r1=953024&r2=953025&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Jun  9 14:30:30 2010
@@ -62,13 +62,6 @@ PATCHES PROPOSED TO BACKPORT:
     message text ("starting"),  vs. what actually happened (initialize()) -
     I won't insist on fixing that inconsistency.
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48379
-  Make session cookie name, domain and path configurable per context.
-  Updated patch in response to review comments from kkolinko & rjung
-  http://people.apache.org/~markt/patches/2010-06-07-bug48379.patch
-  +1: markt, jfclere, kkolinko
-  -1: 
-
 * Configure Tomcat to use HttpOnly for session cookies by default
   
http://people.apache.org/~kkolinko/patches/2010-04-21_tc6_context_httpOnly.patch
   +1: kkolinko

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java?rev=953025&r1=953024&r2=953025&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java Wed Jun  9 
14:30:30 2010
@@ -181,6 +181,26 @@ public interface Context extends Contain
      */
     public void setCookies(boolean cookies);
 
+    
+    /**
+     * Gets the name to use for session cookies. Overrides any setting that
+     * may be specified by the application.
+     * 
+     * @return  The value of the default session cookie name or null if not
+     *          specified
+     */
+    public String getSessionCookieName();
+    
+    
+    /**
+     * Sets the name to use for session cookies. Overrides any setting that
+     * may be specified by the application.
+     * 
+     * @param sessionCookieName   The name to use
+     */
+    public void setSessionCookieName(String sessionCookieName);
+
+    
     /**
      * Gets the value of the use HttpOnly cookies for session cookies flag.
      * 
@@ -198,12 +218,50 @@ public interface Context extends Contain
      */
     public void setUseHttpOnly(boolean useHttpOnly);
     
+    
+    /**
+     * Gets the domain to use for session cookies. Overrides any setting that
+     * may be specified by the application.
+     * 
+     * @return  The value of the default session cookie domain or null if not
+     *          specified
+     */
+    public String getSessionCookieDomain();
+    
+    
+    /**
+     * Sets the domain to use for session cookies. Overrides any setting that
+     * may be specified by the application.
+     * 
+     * @param sessionCookieDomain   The domain to use
+     */
+    public void setSessionCookieDomain(String sessionCookieDomain);
+
+    
+    /**
+     * Gets the path to use for session cookies. Overrides any setting that
+     * may be specified by the application.
+     * 
+     * @return  The value of the default session cookie path or null if not
+     *          specified
+     */
+    public String getSessionCookiePath();
+    
+    
+    /**
+     * Sets the path to use for session cookies. Overrides any setting that
+     * may be specified by the application.
+     * 
+     * @param sessionCookiePath   The path to use
+     */
+    public void setSessionCookiePath(String sessionCookiePath);
+
+    
     /**
      * Return the "allow crossing servlet contexts" flag.
      */
     public boolean getCrossContext();
 
-
     
     /**
      * Return the alternate Deployment Descriptor name.

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=953025&r1=953024&r2=953025&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
Wed Jun  9 14:30:30 2010
@@ -592,9 +592,11 @@ public class CoyoteAdapter implements Ad
         if (count <= 0)
             return;
 
+        String sessionCookieName = getSessionCookieName(context);
+        
         for (int i = 0; i < count; i++) {
             ServerCookie scookie = serverCookies.getCookie(i);
-            if (scookie.getName().equals(Globals.SESSION_COOKIE_NAME)) {
+            if (scookie.getName().equals(sessionCookieName)) {
                 // Override anything requested in the URL
                 if (!request.isRequestedSessionIdFromCookie()) {
                     // Accept only the first session id cookie
@@ -868,9 +870,6 @@ public class CoyoteAdapter implements Ad
     }
 
 
-    // ------------------------------------------------------ Protected Methods
-
-
     /**
      * Copy an array of bytes to a different position. Used during 
      * normalization.
@@ -882,4 +881,18 @@ public class CoyoteAdapter implements Ad
     }
 
 
+    private String getSessionCookieName(Context context) {
+        
+        String result = null;
+        
+        if (context != null) {
+            result = context.getSessionCookieName();
+        }
+        
+        if (result == null) {
+            result = Globals.SESSION_COOKIE_NAME;
+        }
+        
+        return result;
+    }
 }

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Request.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Request.java?rev=953025&r1=953024&r2=953025&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Request.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Request.java Wed 
Jun  9 14:30:30 2010
@@ -2251,22 +2251,18 @@ public class Request
             return;
         
         if (response != null) {
-            Cookie newCookie = new Cookie(Globals.SESSION_COOKIE_NAME,
-                    newSessionId);
-            newCookie.setMaxAge(-1);
-            String contextPath = null;
-            if (!response.getConnector().getEmptySessionPath()
-                    && (context != null)) {
-                contextPath = context.getEncodedPath();
+            String scName = null;
+            if (context != null) {
+                scName = context.getSessionCookieName();
             }
-            if ((contextPath != null) && (contextPath.length() > 0)) {
-                newCookie.setPath(contextPath);
-            } else {
-                newCookie.setPath("/");
-            }
-            if (isSecure()) {
-                newCookie.setSecure(true);
+            if (scName == null) {
+                scName = Globals.SESSION_COOKIE_NAME;
             }
+            
+            Cookie newCookie = new Cookie(scName, newSessionId);
+
+            configureSessionCookie(newCookie);
+
             if (context == null) {
                response.addSessionCookieInternal(newCookie, false);
             } else {
@@ -2395,8 +2391,11 @@ public class Request
         // Creating a new session cookie based on that session
         if ((session != null) && (getContext() != null)
                && getContext().getCookies()) {
-            Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
-                                       session.getIdInternal());
+            String scName = context.getSessionCookieName();
+            if (scName == null) {
+                scName = Globals.SESSION_COOKIE_NAME;
+            }
+            Cookie cookie = new Cookie(scName, session.getIdInternal());
             configureSessionCookie(cookie);
             response.addSessionCookieInternal(cookie, 
context.getUseHttpOnly());
         }
@@ -2417,15 +2416,27 @@ public class Request
      */
     protected void configureSessionCookie(Cookie cookie) {
         cookie.setMaxAge(-1);
+        
+        Context ctxt = getContext();
+        
         String contextPath = null;
-        if (!connector.getEmptySessionPath() && (getContext() != null)) {
-            contextPath = getContext().getEncodedPath();
+        if (ctxt != null && !getConnector().getEmptySessionPath()) {
+            if (ctxt.getSessionCookiePath() != null) {
+                contextPath = ctxt.getSessionCookiePath();
+            } else {
+                contextPath = ctxt.getEncodedPath();
+            }
         }
         if ((contextPath != null) && (contextPath.length() > 0)) {
             cookie.setPath(contextPath);
         } else {
             cookie.setPath("/");
         }
+        
+        if (ctxt != null && ctxt.getSessionCookieDomain() != null) {
+            cookie.setDomain(ctxt.getSessionCookieDomain());
+        }
+
         if (isSecure()) {
             cookie.setSecure(true);
         }

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java?rev=953025&r1=953024&r2=953025&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java Wed 
Jun  9 14:30:30 2010
@@ -703,11 +703,34 @@ public class StandardContext
      */
     private boolean saveConfig = true;
 
+    
     /**
      * The flag that indicates that session cookies should use HttpOnly
      */
     private boolean useHttpOnly = false;
 
+    
+    /**
+     * The domain to use for session cookies. <code>null</code> indicates that
+     * the domain is controlled by the application.
+     */
+    private String sessionCookieDomain;
+
+    
+    /**
+     * The path to use for session cookies. <code>null</code> indicates that
+     * the path is controlled by the application.
+     */
+    private String sessionCookiePath;
+
+    
+    /**
+     * The name to use for session cookies. <code>null</code> indicates that
+     * the name is controlled by the application.
+     */
+    private String sessionCookieName;
+
+    
     /**
      * Should Tomcat attempt to terminate threads that have been started by the
      * web application? Stopping threads is performed via the deprecated (for
@@ -1176,8 +1199,79 @@ public class StandardContext
     }
     
     
+    /**
+     * Gets the domain to use for session cookies.
+     * 
+     * @return  The value of the default session cookie domain or null if not
+     *          specified
+     */
+    public String getSessionCookieDomain() {
+        return sessionCookieDomain;
+    }
+    
+    
+    /**
+     * Sets the domain to use for session cookies.
+     * 
+     * @param sessionCookieDomain   The domain to use
+     */
+    public void setSessionCookieDomain(String sessionCookieDomain) {
+        String oldSessionCookieDomain = this.sessionCookieDomain;
+        this.sessionCookieDomain = sessionCookieDomain;
+        support.firePropertyChange("sessionCookieDomain",
+                oldSessionCookieDomain, sessionCookieDomain);
+    }
+
+
+    /**
+     * Gets the path to use for session cookies.
+     * 
+     * @return  The value of the default session cookie path or null if not
+     *          specified
+     */
+    public String getSessionCookiePath() {
+        return sessionCookiePath;
+    }
+    
+    
+    /**
+     * Sets the path to use for session cookies.
+     * 
+     * @param sessionCookiePath   The path to use
+     */
+    public void setSessionCookiePath(String sessionCookiePath) {
+        String oldSessionCookiePath = this.sessionCookiePath;
+        this.sessionCookiePath = sessionCookiePath;
+        support.firePropertyChange("sessionCookiePath",
+                oldSessionCookiePath, sessionCookiePath);
+    }
 
+    
+    /**
+     * Gets the name to use for session cookies.
+     * 
+     * @return  The value of the default session cookie name or null if not
+     *          specified
+     */
+    public String getSessionCookieName() {
+        return sessionCookieName;
+    }
+    
+    
+    /**
+     * Sets the name to use for session cookies. Overrides any setting that
+     * may be specified by the application.
+     * 
+     * @param sessionCookieName   The name to use
+     */
+    public void setSessionCookieName(String sessionCookieName) {
+        String oldSessionCookieName = this.sessionCookieName;
+        this.sessionCookieName = sessionCookieName;
+        support.firePropertyChange("sessionCookieName",
+                oldSessionCookieName, sessionCookieName);
+    }
 
+    
     /**
      * Return the "allow crossing servlet contexts" flag.
      */

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java?rev=953025&r1=953024&r2=953025&view=diff
==============================================================================
--- 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java
 (original)
+++ 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java
 Wed Jun  9 14:30:30 2010
@@ -455,25 +455,40 @@ public class JvmRouteBinderValve extends
             Context context = request.getContext();
             if (context.getCookies()) {
                 // set a new session cookie
-                Cookie newCookie = new Cookie(Globals.SESSION_COOKIE_NAME,
-                        sessionId);
+                String scName = context.getSessionCookieName();
+                if (scName == null) {
+                    scName = Globals.SESSION_COOKIE_NAME;
+                }
+                Cookie newCookie = new Cookie(scName, sessionId);
+                
                 newCookie.setMaxAge(-1);
+                
                 String contextPath = null;
-                if (!response.getConnector().getEmptySessionPath()
-                        && (context != null)) {
-                    contextPath = context.getEncodedPath();
+                if (!response.getConnector().getEmptySessionPath() &&
+                        (context != null)) {
+                    if (context.getSessionCookiePath() != null) {
+                        contextPath = context.getSessionCookiePath();
+                    } else {
+                        contextPath = context.getEncodedPath();
+                    }
                 }
                 if ((contextPath != null) && (contextPath.length() > 0)) {
                     newCookie.setPath(contextPath);
                 } else {
                     newCookie.setPath("/");
                 }
+                
+                if (context.getSessionCookieDomain() != null) {
+                    newCookie.setDomain(context.getSessionCookieDomain());
+                }
+
                 if (request.isSecure()) {
                     newCookie.setSecure(true);
                 }
+
                 if (log.isDebugEnabled()) {
                     Object[] args = new Object[] {sessionId,
-                            Globals.SESSION_COOKIE_NAME,
+                            newCookie.getName(),
                             newCookie.getPath(),
                             new Boolean(newCookie.getSecure()),
                             new Boolean(context.getUseHttpOnly())};

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=953025&r1=953024&r2=953025&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Jun  9 14:30:30 2010
@@ -62,6 +62,10 @@
         Improve exception handling on session de-serialization to assist in
         identifying the root cause of <bug>48007</bug>. (kkolinko)
       </fix>
+      <add>
+        <bug>48379</bug>: Make session cookie name, domain and path 
configurable
+        per context. (markt)
+      </add>
       <fix>
         <bug>48589</bug>: Make JNDIRealm easier to extend. Based on a patch by
         Candid Dauth. (markt/kkolinko)

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml?rev=953025&r1=953024&r2=953025&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml Wed Jun  9 14:30:30 
2010
@@ -227,6 +227,27 @@
         on demand.</p>
       </attribute>
 
+      <attribute name="sessionCookieDomain" required="false">
+        <p>The domain to be used for all session cookies created for this
+        Context. If not set, no domain will be specified for session cookies.
+        </p>
+      </attribute>
+      
+      <attribute name="sessionCookieName" required="false">
+        <p>The name to be used for all session cookies created for this
+        Context. If not set, the default of JSESSIONID will be used. Note that
+        this default will be overridden by the
+        <strong>org.apache.catalina.SESSION_COOKIE_NAME</strong> system
+        property.</p>
+      </attribute>
+
+      <attribute name="sessionCookiePath" required="false">
+        <p>The path to be used for all session cookies created for this
+        Context. If not set, the context path will be used. Note that this will
+        be overridden by the <strong>emptySessionPath</strong> attribute on the
+        connector used to access this Context.</p>
+      </attribute>
+
       <attribute name="wrapperClass" required="false">
         <p>Java class name of the <code>org.apache.catalina.Wrapper</code>
         implementation class that will be used for servlets managed by this



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to