内容转自:http://blog.csdn.net/luka2008/article/details/38385703/,请直接看原文,不过这篇“原文”也是转的。。。
1,Tomcat下
代码:
import com.sun.javaws.Globals; import javax.xml.soap.MimeHeaders; import java.io.IOException; /** * Created by liu.yuxiang on 2017/9/26. */ public class SessionCrossDomainValve extends ValveBase { public SessionCrossDomainValve() { super(); info = "com.jinfuzi.SessionCrossDomainValve"; } public void invoke(Request request, Response response) throws IOException, ServletException { request.getSession(true); // replace any Tomcat-generated session cookies with our own Cookie[] cookies = response.getCookies(); if (cookies != null) { for (int i = 0; i < cookies.length; i++) { Cookie cookie = cookies; containerLog.debug("CrossSubdomainSessionValve: Cookie name is " + cookie.getName()); if (Globals.SESSION_COOKIE_NAME.equals(cookie.getName())) { replaceCookie(request, response, cookie); } } } // process the next valve getNext().invoke(request, response); } @SuppressWarnings("unchecked") protected void replaceCookie(Request request, Response response, Cookie cookie) { //copy the existing session cookie, but use a different domain Cookie newCookie = new Cookie(cookie.getName(), cookie.getValue()); if (cookie.getPath() != null) newCookie.setPath(cookie.getPath()); newCookie.setDomain(getCookieDomain(request)); newCookie.setMaxAge(cookie.getMaxAge()); newCookie.setVersion(cookie.getVersion()); if (cookie.getComment() != null) newCookie.setComment(cookie.getComment()); newCookie.setSecure(cookie.getSecure()); //if the response has already been committed, our replacement strategy will have no effect if (response.isCommitted()) containerLog.error("CrossSubdomainSessionValve: response was already committed!"); //find the Set-Cookie header for the existing cookie and replace its value with new cookie MimeHeaders headers = response.getCoyoteResponse().getMimeHeaders(); for (int i = 0, size = headers.size(); i < size; i++) { if (headers.getName(i).equals("Set-Cookie")) { MessageBytes value = headers.getValue(i); if (value.indexOf(cookie.getName()) >= 0) { StringBuffer buffer = new StringBuffer(); ServerCookie.appendCookieValue(buffer, newCookie.getVersion(), newCookie .getName(), newCookie.getValue(), newCookie.getPath(), newCookie .getDomain(), newCookie.getComment(), newCookie.getMaxAge(), newCookie .getSecure()); //如果是tomcat6.020,这里需要多加一个true. containerLog.debug("CrossSubdomainSessionValve: old Set-Cookie value: " + value.toString()); containerLog.debug("CrossSubdomainSessionValve: new Set-Cookie value: " + buffer); value.setString(buffer.toString()); } } } } protected String getCookieDomain(Request request) { String cookieDomain = request.getServerName(); String[] parts = cookieDomain.split("\."); if (parts.length >= 2) cookieDomain = parts[parts.length - 2] + "." + parts[parts.length - 1]; return "." + cookieDomain; } public String toString() { return ("CrossSubdomainSessionValve[container=" + container.getName() + ']'); } }
这个类就是查看response要写入的cookie有没有符合规则,有就对cookie,domain进行变更,变为二级域名
将这个类打包成jar包,放进{catalina_home}/lib下,并在server.xml中注册:
<Valve className="SessionCrossDomainValve"/>
2、改变获取Session的方式
public Session getSession(HttpServletRequest request, HttpServletResponse response){ HttpSession session = request.getSession(false); if (session==null){ session = request.getSession(true); String session_id = session.getId(); Cookie c = new Cookie("JSESSIONID",session_id); c.setDomain(".vinceruan.info"); c.setPath("/"); response.addCookie(); } }