/**
+ * Gets the name to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @return The value of the default session cookie name or null if not
+ * specified
+ */
+ public String getSessionCookieName();
+
+
+ /**
+ * Sets the name to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @param sessionCookieName The name to use
+ */
+ public void setSessionCookieName(String sessionCookieName);
+
+
+ /**
* Gets the value of the use HttpOnly cookies for session cookies flag.
*
* @return <code>true</code> if the HttpOnly flag should be set on session
* The name of the cookie used to pass the session identifier back
* and forth with the client.
*/
- public static final String SESSION_COOKIE_NAME =
- System.getProperty("org.apache.catalina.SESSION_COOKIE_NAME",
- "JSESSIONID");
+ public static final String SESSION_COOKIE_NAME = "JSESSIONID";
/**
import org.apache.catalina.Wrapper;
import org.apache.tomcat.util.res.StringManager;
import org.apache.catalina.comet.CometEvent;
+import org.apache.catalina.core.ApplicationSessionCookieConfig;
import org.apache.catalina.core.AsyncContextImpl;
import org.apache.catalina.util.ServerInfo;
import org.apache.catalina.util.URLEncoder;
if (count <= 0)
return;
+ String sessionCookieName =
+ ApplicationSessionCookieConfig.getSessionCookieName(context);
+
for (int i = 0; i < count; i++) {
ServerCookie scookie = serverCookies.getCookie(i);
- if (scookie.getName().equals(Globals.SESSION_COOKIE_NAME)) {
+ if (scookie.getName().equals(sessionCookieName)) {
// Override anything requested in the URL
if (!request.isRequestedSessionIdFromCookie()) {
// Accept only the first session id cookie
// 2. Values from SessionCookieConfig
// 3. Defaults
- String cookieName = scc.getName();
- if (cookieName == null) {
- cookieName = Globals.SESSION_COOKIE_NAME;
- }
- Cookie cookie = new Cookie(cookieName, sessionId);
+ Cookie cookie = new Cookie(getSessionCookieName(context), sessionId);
// Just apply the defaults.
cookie.setMaxAge(scc.getMaxAge());
return cookie;
}
+
+
+ /**
+ * Determine the name to use for the session cookie for the provided
+ * context.
+ * @param context
+ */
+ public static String getSessionCookieName(Context context) {
+
+ // Priority is:
+ // 1. Cookie name defined in context
+ // 2. Cookie name configured for app
+ // 3. Default defined by spec
+ if (context != null) {
+ String cookieName = context.getSessionCookieName();
+ if (cookieName != null && cookieName.length() > 0) {
+ return cookieName;
+ }
+
+ SessionCookieConfig scc =
+ context.getServletContext().getSessionCookieConfig();
+ cookieName = scc.getName();
+ if (cookieName != null && cookieName.length() > 0) {
+ return cookieName;
+ }
+ }
+
+ return Globals.SESSION_COOKIE_NAME;
+ }
}
/**
+ * The name to use for session cookies. <code>null</code> indicates that
+ * the name is controlled by the application.
+ */
+ private String sessionCookieName;
+
+
+ /**
* The flag that indicates that session cookies should use HttpOnly
*/
private boolean useHttpOnly = true;
}
+
+ /**
+ * Gets the name to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @return The value of the default session cookie name or null if not
+ * specified
+ */
+ public String getSessionCookieName() {
+ return sessionCookieName;
+ }
+
+
+ /**
+ * Sets the name to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @param sessionCookieName The name to use
+ */
+ public void setSessionCookieName(String sessionCookieName) {
+ String oldSessionCookieName = this.sessionCookieName;
+ this.sessionCookieName = sessionCookieName;
+ support.firePropertyChange("sessionCookieName",
+ oldSessionCookieName, sessionCookieName);
+ }
+
+
/**
* Gets the value of the use HttpOnly cookies for session cookies flag.
*
<properties>
- <property name="org.apache.catalina.SESSION_COOKIE_NAME">
- <p>An alternative name for the session cookie. Defaults to
- <code>JSESSIONID</code>. Note that the Servlet specification requires
- this to be <code>JSESSIONID</code>. You should not rely on being able to
- change this.</p>
- </property>
-
<property name="org.apache.catalina.SESSION_PARAMETER_NAME">
<p>An alternative name for the session path parameter. Defaults to
<code>jsessionid</code>. Note that the Servlet specification requires
projects / tomcat7.0 / commitdiff