有关JSP会话的问题

Question

I'm having an inconvenient dealing with sessions..

I have this:

www.mydomain.com
sub1.mydomain.com
sub2.mydomain.com
sub3.mydomain.com

and when I log into "www", then I change to "sub2" (for example) I figure out it creates another session :S why is that??

I need the same session for www, sub1, sub2, sub3, and so on.. ALL in "mydomain.com"..

what can I do?? is it like that and I have to make a trick?? or is there a "legal" solution for what I want??

Answer 1

The JSESSIONID cookie is issued by the container, and the cookie domain and path is always that of the web application's domain and context root.

It appears as if you have multiple applications in which case, the JSESSIONID issued by one application will not be recognized by another, due to a change in either the domain or the context root, even if the applications are in the same container.

There are multiple ways to deal with this:

• If you are not dealing with a high-value application, and if you can guarantee that no 'rogue' applications will be deployed on the server, you can configure the server to share sessions across applications. Weblogic Server can be configured to do this.
• Use a central authentication and session management provider - SSO.
• Use TLS/SSL - most servers do not issue a JSESSIONID cookie when communication is over SSL, and instead use SSL itself to store state. You will have mixed results here.

Update :

Glassfish v3 allows you to set the domain for the session cookie. This is done via the session-config element in sun-web.xml . I'm not sure if this is available in v2 or lower versions of Glassfish.

Answer 2

Yes, it is like that because you will have separate session cookie for every different domain. Which web server do you use ? You may implement SSO related solution to share data across the domains.

Answer 3

查看本教程： http : //javadude.wordpress.com/2011/05/12/glassfish-3-1-%e2%80%93-clustering-tutorial-part2-sessions/我总结了Glassfish 3.1和会话复制