Dynamically change domain of JSESSIONID cookie?

Question

How can i dynamically change the domain of the JSESSIONID cookie that tomcat or jetty generates?

I stumbled accross this one: Sharing session data between contexts in Tomcat

But i need to do this on request basis (the above is on context basis).

For example:

request1 comes from www.testdomain1.com and needs the domain ".testdomain1.com".
request2 comes from www.testdomain2.com and needs the domain ".testdomain2.com".

The domains are not known at deploy time and can change any time.

I used a simple servlet filter with a HttpServletResponseWrapper for cookies from my application, but JSESSIONID doesn't get intercepted by the filter (it's not generated by the webapp but by the container).

[edit] can't go the httpRequest.getSession().getServletContext().getSessionCookieConfig().setDomain() way, cause it seems the sessioncookieconfig is readonly after the context is initialized..

[edit] can't go with a tomcat valve cause the response is already commited (isCommitted is true). In addition tomcat doesn't use reponse addCookie or header methodes to set JSESSIONID cookie. And Response class is final so not wrapper can't be created for that one.

[edit] with jetty a custom SessionHandler is not working either, cause there is no access to the request object.

I highly suspect this entire thing is impossible. The only solution i can see is to put a proxy in front of the servlet container and change the cookie this way, but that is overkill.

score 0 · Answer 1 · answered Jan 09 '18 at 12:24

0

In the next request that is after the session is created, get all the cookies

Cookie[] c = request.getCookies();
//for loop{
  if(c.getName.equals("JSESSIONID")){
         c.setDomain("....);
   }
}

answered Jan 09 '18 at 12:24

ramp

1,256
8
14

Dynamically change domain of JSESSIONID cookie?

1 Answers1