Share session data between 2 subdomains

Question

I am using tomcat 7.0.6 with jdk 1.6.0_22

Is it possible to share session data between 2 different domains with a common subdomain such as a.mydomain.com and b.mydom

Answer 1

Set the sessionCookieDomain attribute of <Context> element of the webapp in question to .mydomain.com (note the leading dot, this is very important). This will allow the webbrowser to share cookies among all subdomains.

If you actually have multiple webapp contexts and you want to share the session between them as well, then you also need to set sessionCookiePath attribute of <Context> element of the webapps in question to /.

In a nutshell:

<Context sessionCookieDomain=".mydomain.com" sessionCookiePath="/">

See also:

• Tomcat 7 configuration reference - The Context container

---

For Tomcat 6 users: note that this was introduced in Tomcat 6.0.27. For those who can't upgrade, you would need a Valve to modify the cookie domain, eventually in combination with emptySessionPath attribute in <Connector> element in /conf/server.xml for the case that you've multiple webapp contexts for which you'd like to share the session.

Answer 2

Servlet Spec 3.0 (which is what Tomcat 7 supports) allows this by calling setDomain on SessionCookieConfig.

Details here: http://download.oracle.com/javaee/6/api/javax/servlet/SessionCookieConfig.html

You get SessionCookieConfig progammatically at webapp init time with a ServletContextListner - or you should be able to set it the value in web.xml.

Answer 3

You can create your own session implementation using cookies. Sessions are handled (in most server side languages) using cookies and server side database or files. You create a token (using md5 on timestamp) and save it in file or database along with all session variables.