0

So I already success implement SSO using spring session and redis on development localhost domain. But when I deploy to server using two sub domain.

login.example.com

apps.example.com

They always create new session Id on each sub domain. I already try to configure using Context in tomcat configuration.

<Context sessionCookieDomain=".example.com" sessionCookiePath="/">

But no luck.

prptn
  • 299
  • 1
  • 6
  • 18

2 Answers2

0

Spring session moves the session management on application level, so no surprise that trying to configure the container (in your case tomcat) has no effect. Currently there is a TODO in spring-session code to allow setting the domain, but is not implemented.

Maybe it is best to open an issue to allow setting the domain or comment/vote on https://github.com/spring-projects/spring-session/issues/112.

Meanwhile a workaround would be to go with your own implementation of MultiHttpSessionStrategy based on CookieHttpSessionStrategy.

tsachev
  • 1,111
  • 10
  • 14
0

Finally I succeeded to setdomain on application level.

You're right, I hope in the future they implement the feature to set domain.

For now I create CustomCookieHttpSessionStrategy for my own implmentation.

private Cookie createSessionCookie(HttpServletRequest request,
        Map<String, String> sessionIds) {
...
      sessionCookie.setDomain(".example.com");
      // TODO set domain?
...
}

And then register bean as HttpSessionStrategy.

prptn
  • 299
  • 1
  • 6
  • 18