*/
public void setCookies(boolean cookies);
+
/**
* Gets the value of the use HttpOnly cookies for session cookies flag.
*
*/
public void setUseHttpOnly(boolean useHttpOnly);
+
+ /**
+ * Gets the domain to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @return The value of the default session cookie domain or null if not
+ * specified
+ */
+ public String getSessionCookieDomain();
+
+
+ /**
+ * Sets the domain to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @param sessionCookieDomain The domain to use
+ */
+ public void setSessionCookieDomain(String sessionCookieDomain);
+
/**
* Return the "allow crossing servlet contexts" flag.
*/
secure,
context.getUseHttpOnly(),
response.getConnector().getEmptySessionPath(),
- context.getEncodedPath());
+ context.getEncodedPath(),
+ context.getSessionCookieDomain());
response.addCookie(newCookie);
}
}
isSecure(),
context.getUseHttpOnly(),
connector.getEmptySessionPath(),
- context.getEncodedPath());
+ context.getEncodedPath(),
+ context.getSessionCookieDomain());
response.addCookieInternal(cookie);
}
* @param httpOnly Should session cookie be configured as httpOnly
* @param emptyPath Should session cookie be configured with empty path
* @param contextPath Context path to use if required
+ * @param domain Domain to use for the session cookie. If null, use the
+ * domain specified by the scc parameter.
*/
public static Cookie createSessionCookie(SessionCookieConfig scc,
String sessionId, boolean secure, boolean httpOnly,
- boolean emptyPath, String contextPath) {
+ boolean emptyPath, String contextPath, String domain) {
// Session config can over-ride default name
String cookieName = scc.getName();
// Just apply the defaults.
cookie.setMaxAge(scc.getMaxAge());
cookie.setComment(scc.getComment());
- // Avoid possible NPE
- if (scc.getDomain() != null) {
- cookie.setDomain(scc.getDomain());
+
+ if (domain == null) {
+ // Avoid possible NPE
+ if (scc.getDomain() != null) {
+ cookie.setDomain(scc.getDomain());
+ }
+ } else {
+ cookie.setDomain(domain);
}
// Always set secure if the request is secure
*/
private boolean saveConfig = true;
+
/**
* The flag that indicates that session cookies should use HttpOnly
*/
private boolean useHttpOnly = true;
+
+ /**
+ * The domain to use for session cookies. <code>null</code> indicates that
+ * the domain is controlled by the application.
+ */
+ private String sessionCookieDomain;
+
+
/**
* The Jar scanner to use to search for Jars that might contain
* configuration information such as TLDs or web-fragment.xml files.
}
-
+ /**
+ * Gets the domain to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @return The value of the default session cookie domain or null if not
+ * specified
+ */
+ public String getSessionCookieDomain() {
+ return sessionCookieDomain;
+ }
+
+
+ /**
+ * Sets the domain to use for session cookies. Overrides any setting that
+ * may be specified by the application.
+ *
+ * @param sessionCookieDomain The domain to use
+ */
+ public void setSessionCookieDomain(String sessionCookieDomain) {
+ String oldSessionCookieDomain = this.sessionCookieDomain;
+ this.sessionCookieDomain = sessionCookieDomain;
+ support.firePropertyChange("sessionCookieDomain",
+ oldSessionCookieDomain, sessionCookieDomain);
+ }
+
/**
* Return the "allow crossing servlet contexts" flag.
on demand.</p>
</attribute>
+ <attribute name="sessionCookieDomain" required="false">
+ <p>The domain to be used for all session cookies created for this
+ context. If set, this overrides any domain set by the web application.
+ If not set, the value specified by the web application, if any, will be
+ used.</p>
+ </attribute>
+
<attribute name="wrapperClass" required="false">
<p>Java class name of the <code>org.apache.catalina.Wrapper</code>
implementation class that will be used for servlets managed by this
projects / tomcat7.0 / commitdiff