
Tomcat filter to manage sessions

I have two web applications. Application A needs to call REST services of Application B. I wanted to put some security on the REST services of Application B, so I came up with this workflow:

When the user authenticates on Application A, it also performs an authentication on Application B with a servlet on B that returns a cookie. The servlet is something like:

    authenticate(postData); // throws exceptions

    HttpSession session = request.getSession(true);

    Cookie cookie = new Cookie("JSESSIONID", session.getId());
    cookie.setDomain(request.getContextPath());
    cookie.setDomain(request.getServerName());
    response.addCookie(cookie);

Application A stores the cookie value in the user session, and then when needed Application A uses the stored cookie to call B.

On B I have a filter in front of my REST services that is supposed to handle requests to check if these are authenticated or not.

The filter does something like:

    HttpServletRequest servletRequest = (HttpServletRequest) request;
    HttpSession session = servletRequest.getSession(false);

    if (null == session) {

        LOGGER.error("KO");
        HttpServletResponse servletResponse = (HttpServletResponse) response;
        servletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

    } else {
        // OK
        chain.doFilter(request, response);
    }

Now, I was expecting that

    request.getSession(false);

would return the previously created session, because it was Tomcat that created the session in the authenticate, but it isn't working.

What am I missing?

Sorry, the error was here, clear and visible:

    cookie.setDomain(request.getContextPath());
    cookie.setDomain(request.getServerName());

That now became:

    cookie.setPath(request.getContextPath());
    cookie.setDomain(request.getServerName());

and it worked fine.
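How the `Path` attribute scopes a cookie in a cookie-aware client, following the default-path and path-match rules of RFC 6265, section 5.1.4. This is an added example, not code from the original post; the class name, the helper methods and the URL paths are assumptions constructed for illustration.

```java
// Added example: RFC 6265 default-path and path-match, JDK only.
public class CookiePathScope {

    // Path a client assigns when Set-Cookie carries no Path attribute.
    static String defaultPath(String requestPath) {
        if (requestPath == null || !requestPath.startsWith("/")) return "/";
        int lastSlash = requestPath.lastIndexOf('/');
        return lastSlash == 0 ? "/" : requestPath.substring(0, lastSlash);
    }

    // True when a cookie scoped to cookiePath is sent with a request for requestPath.
    static boolean pathMatches(String cookiePath, String requestPath) {
        if (requestPath.equals(cookiePath)) return true;
        if (!requestPath.startsWith(cookiePath)) return false;
        // A bare string prefix is not enough: the match must end on a "/" boundary.
        return cookiePath.endsWith("/") || requestPath.charAt(cookiePath.length()) == '/';
    }

    public static void main(String[] args) {
        // Constructed paths, not taken from the original post.
        String contextPath = "/appB";
        String loginRequest = "/appB/auth/login";
        String restRequest = "/appB/rest/items";

        // Cookie issued by the login servlet with no setPath() call.
        String implicit = defaultPath(loginRequest);
        // Cookie issued with setPath(request.getContextPath()).
        String explicit = contextPath;

        System.out.println("implicit path " + implicit
                + " sent to " + restRequest + ": " + pathMatches(implicit, restRequest));
        System.out.println("explicit path " + explicit
                + " sent to " + restRequest + ": " + pathMatches(explicit, restRequest));
        // Scoping to /appB does not expose the cookie to a sibling context.
        System.out.println("explicit path " + explicit
                + " sent to /appBackup/x: " + pathMatches(explicit, "/appBackup/x"));
    }
}
```

Scoping the session cookie to the context path keeps it available to every servlet and filter in Application B while withholding it from other applications on the same host.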
