
Support for multiple cookie-domains in WebLogic

We have a WebLogic application that needs to support being served from multiple domains (e.g. "foo.com" and "bar.com"). Once a user initiates a session on one of these domains they can visit subdomains off that primary domain (e.g. "a.foo.com", "b.foo.com") and share that session across all of these subdomains. If a user jumps from "foo.com" to "bar.com", they will lose their session, which is fine.

We were able to successfully implement this on JBoss/Tomcat by customizing a 'Valve' to rewrite the session cookie to always be at the top level domain for the serverName that is being requested (i.e. request.getServerName()).

However, we are currently in the process of migrating our application from JBoss to WebLogic and are trying to figure out how to support the same requirement. We have found that WebLogic does allow for sharing sessions across multiple subdomains of a single domain by setting the 'cookie-domain' property within the weblogic.xml:

<session-descriptor>
    <cookie-path>/store</cookie-path>
    <cookie-domain>.foo.com</cookie-domain>
</session-descriptor>

However, we haven't figured out how to configure support for multiple domains (i.e. both foo.com and bar.com). From what we can tell, the weblogic.xml file doesn't support this.

If we only configure one of the domains in the weblogic.xml, sessions do not work properly for the domain that is not configured (i.e. every request leads to a new session).

Any ideas on how we can support sessions across different domains for a single web-app on WebLogic?

We are running on WebLogic 12c.

As of WebLogic 12c, Oracle confirmed that what we were trying to do is not currently supported. There are also no immediate plans to implement such a feature.

The workaround that we chose to implement was to use mod_rewrite to rewrite the domain of the JSESSIONID cookie at the HTTP server level to be the domain of the request.
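The rewrite described in the question (scope the session cookie to the parent domain of request.getServerName()) and in the workaround above, shown as an added Java example; it is not the posters' Valve or their mod_rewrite rules. The class name, method names and the allowlist are assumptions, and the allowlist is there because the host name of a request is supplied by the client.

```java
import java.util.List;
import java.util.Locale;

public class SessionCookieDomain {
    // Assumption: the parent domains this application is served from.
    static final List<String> ALLOWED = List.of("foo.com", "bar.com");

    /** Returns the allowlisted parent domain for a Host value, or null if none matches. */
    static String parentDomainFor(String host) {
        if (host == null) return null;
        String h = host.trim().toLowerCase(Locale.ROOT);
        int colon = h.lastIndexOf(':');
        if (colon >= 0) h = h.substring(0, colon);               // strip ":port"
        if (h.endsWith(".")) h = h.substring(0, h.length() - 1); // strip trailing dot
        for (String d : ALLOWED) {
            // Exact match or a true subdomain; "evilfoo.com" must not match "foo.com".
            if (h.equals(d) || h.endsWith("." + d)) return d;
        }
        return null;
    }

    /** Rewrites the Domain attribute of a JSESSIONID Set-Cookie value; other cookies pass through. */
    static String rewriteSetCookie(String setCookie, String host) {
        if (!setCookie.startsWith("JSESSIONID=")) return setCookie;
        StringBuilder out = new StringBuilder();
        for (String part : setCookie.split(";")) {
            String attr = part.trim();
            // Drop empty segments and whatever Domain the container configured.
            if (attr.isEmpty() || attr.regionMatches(true, 0, "Domain=", 0, 7)) continue;
            if (out.length() > 0) out.append("; ");
            out.append(attr);
        }
        String domain = parentDomainFor(host);
        if (domain != null) out.append("; Domain=.").append(domain);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: the cookie as issued with cookie-domain set to .foo.com.
        String issued = "JSESSIONID=abc123; Domain=.foo.com; Path=/store; HttpOnly";
        for (String host : new String[] {"a.foo.com", "b.bar.com:8080", "evilfoo.com"}) {
            System.out.println(host + " -> " + rewriteSetCookie(issued, host));
        }
    }
}
```

For a host outside the allowlist the Domain attribute is dropped, so the browser keeps the cookie host-only instead of scoping it to a name taken from the request.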

I believe such an option should NOT be supported. If it is allowed then nothing prevents hotmail.com from configuring yahoo.com (say) in its configuration file and getting access to yahoo's JSESSIONID value.
