From 2d7ea753cf750344c8bdbcf235286468bfe92f36 Mon Sep 17 00:00:00 2001 From: markt Date: Wed, 10 Mar 2010 16:18:10 +0000 Subject: [PATCH] Remainder of fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=48379 Allow session cookie name to be configured per context With this option, the servlet 3 options and system property there were just too many places this was being configured so the system property option has been removed for Tomcat 7. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@921426 13f79535-47bb-0310-9956-ffa450edef68 --- java/org/apache/catalina/Context.java | 19 ++++++++++++ java/org/apache/catalina/Globals.java | 4 +-- .../apache/catalina/connector/CoyoteAdapter.java | 6 +++- .../core/ApplicationSessionCookieConfig.java | 35 ++++++++++++++++++---- java/org/apache/catalina/core/StandardContext.java | 34 +++++++++++++++++++++ webapps/docs/config/systemprops.xml | 7 ----- 6 files changed, 89 insertions(+), 16 deletions(-) diff --git a/java/org/apache/catalina/Context.java b/java/org/apache/catalina/Context.java index 5efefa4df..e55b72857 100644 --- a/java/org/apache/catalina/Context.java +++ b/java/org/apache/catalina/Context.java @@ -177,6 +177,25 @@ public interface Context extends Container { /** + * Gets the name to use for session cookies. Overrides any setting that + * may be specified by the application. + * + * @return The value of the default session cookie name or null if not + * specified + */ + public String getSessionCookieName(); + + + /** + * Sets the name to use for session cookies. Overrides any setting that + * may be specified by the application. + * + * @param sessionCookieName The name to use + */ + public void setSessionCookieName(String sessionCookieName); + + + /** * Gets the value of the use HttpOnly cookies for session cookies flag. * * @return true if the HttpOnly flag should be set on session diff --git a/java/org/apache/catalina/Globals.java b/java/org/apache/catalina/Globals.java index 99c03a4c8..6c11e586a 100644 --- a/java/org/apache/catalina/Globals.java +++ b/java/org/apache/catalina/Globals.java @@ -268,9 +268,7 @@ public final class Globals { * The name of the cookie used to pass the session identifier back * and forth with the client. */ - public static final String SESSION_COOKIE_NAME = - System.getProperty("org.apache.catalina.SESSION_COOKIE_NAME", - "JSESSIONID"); + public static final String SESSION_COOKIE_NAME = "JSESSIONID"; /** diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java b/java/org/apache/catalina/connector/CoyoteAdapter.java index 7ccad23f5..188694633 100644 --- a/java/org/apache/catalina/connector/CoyoteAdapter.java +++ b/java/org/apache/catalina/connector/CoyoteAdapter.java @@ -29,6 +29,7 @@ import org.apache.catalina.Globals; import org.apache.catalina.Wrapper; import org.apache.tomcat.util.res.StringManager; import org.apache.catalina.comet.CometEvent; +import org.apache.catalina.core.ApplicationSessionCookieConfig; import org.apache.catalina.core.AsyncContextImpl; import org.apache.catalina.util.ServerInfo; import org.apache.catalina.util.URLEncoder; @@ -722,9 +723,12 @@ public class CoyoteAdapter implements Adapter { if (count <= 0) return; + String sessionCookieName = + ApplicationSessionCookieConfig.getSessionCookieName(context); + for (int i = 0; i < count; i++) { ServerCookie scookie = serverCookies.getCookie(i); - if (scookie.getName().equals(Globals.SESSION_COOKIE_NAME)) { + if (scookie.getName().equals(sessionCookieName)) { // Override anything requested in the URL if (!request.isRequestedSessionIdFromCookie()) { // Accept only the first session id cookie diff --git a/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java b/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java index 7e76eda89..1a148e25b 100644 --- a/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java +++ b/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java @@ -122,11 +122,7 @@ public class ApplicationSessionCookieConfig implements SessionCookieConfig { // 2. Values from SessionCookieConfig // 3. Defaults - String cookieName = scc.getName(); - if (cookieName == null) { - cookieName = Globals.SESSION_COOKIE_NAME; - } - Cookie cookie = new Cookie(cookieName, sessionId); + Cookie cookie = new Cookie(getSessionCookieName(context), sessionId); // Just apply the defaults. cookie.setMaxAge(scc.getMaxAge()); @@ -162,4 +158,33 @@ public class ApplicationSessionCookieConfig implements SessionCookieConfig { return cookie; } + + + /** + * Determine the name to use for the session cookie for the provided + * context. + * @param context + */ + public static String getSessionCookieName(Context context) { + + // Priority is: + // 1. Cookie name defined in context + // 2. Cookie name configured for app + // 3. Default defined by spec + if (context != null) { + String cookieName = context.getSessionCookieName(); + if (cookieName != null && cookieName.length() > 0) { + return cookieName; + } + + SessionCookieConfig scc = + context.getServletContext().getSessionCookieConfig(); + cookieName = scc.getName(); + if (cookieName != null && cookieName.length() > 0) { + return cookieName; + } + } + + return Globals.SESSION_COOKIE_NAME; + } } diff --git a/java/org/apache/catalina/core/StandardContext.java b/java/org/apache/catalina/core/StandardContext.java index 9faaa62b8..ffb8db41e 100644 --- a/java/org/apache/catalina/core/StandardContext.java +++ b/java/org/apache/catalina/core/StandardContext.java @@ -718,6 +718,13 @@ public class StandardContext /** + * The name to use for session cookies. null indicates that + * the name is controlled by the application. + */ + private String sessionCookieName; + + + /** * The flag that indicates that session cookies should use HttpOnly */ private boolean useHttpOnly = true; @@ -1262,6 +1269,33 @@ public class StandardContext } + + /** + * Gets the name to use for session cookies. Overrides any setting that + * may be specified by the application. + * + * @return The value of the default session cookie name or null if not + * specified + */ + public String getSessionCookieName() { + return sessionCookieName; + } + + + /** + * Sets the name to use for session cookies. Overrides any setting that + * may be specified by the application. + * + * @param sessionCookieName The name to use + */ + public void setSessionCookieName(String sessionCookieName) { + String oldSessionCookieName = this.sessionCookieName; + this.sessionCookieName = sessionCookieName; + support.firePropertyChange("sessionCookieName", + oldSessionCookieName, sessionCookieName); + } + + /** * Gets the value of the use HttpOnly cookies for session cookies flag. * diff --git a/webapps/docs/config/systemprops.xml b/webapps/docs/config/systemprops.xml index 8eabe30a3..119300f10 100644 --- a/webapps/docs/config/systemprops.xml +++ b/webapps/docs/config/systemprops.xml @@ -336,13 +336,6 @@ - -

An alternative name for the session cookie. Defaults to - JSESSIONID. Note that the Servlet specification requires - this to be JSESSIONID. You should not rely on being able to - change this.

- -

An alternative name for the session path parameter. Defaults to jsessionid. Note that the Servlet specification requires -- 2.11.0