[ColdBox 4.0] Sharing session between modules

18 views

Skip to first unread message

Tropicalista

unread,

Mar 25, 2015, 11:59:30 PM3/25/15

to col...@googlegroups.com

I have an app that run on www.tropical.test. There is a security module to authenticate user.

I use a subdomain to run a module:

	function PathInfoProvider(Event){

		/* Redirect all app.tropical.test to module: core */
		var URI = CGI.SERVER_NAME;
		if (URI eq "app.tropical.test")
		{
			return "/core" & CGI.PATH_INFO;
		}

		return CGI.PATH_INFO;
	}

So when I go to app.tropical.test my core module is displayed. The problem is that if I authenticate to www.tropical.test and then go to app.tropical.test the session is not shared. I'm on railo 4.2.008 that is deployed by commandbox. I have j2ee session enabled.

br...@bradwood.com

unread,

Mar 26, 2015, 12:32:20 AM3/26/15

to col...@googlegroups.com

That is because your session cookie is domain specific. Look at your browser debugging tools and you'll see your jsessionid changes.

The answer to this should be to set domain cookies. There's a ticket for Railo that was supposedly fixed, but someone commented saying it wasn't and I never went back and tested it.

https://issues.jboss.org/browse/RAILO-1332

The workaround used to be to must manually set your cookie to the top level domain in your onRequestStart if I recall, thus overwriting the cookie that Railo is setting.

The key is that whether you hit www.tropical.test or app.tropical.test, the domain on your session cookies must be tropical.test.

Thanks!

~Brad

ColdBox Platform Evangelist
Ortus Solutions, Corp

E-mail: br...@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

--------- Original Message ---------

--
--
You received this message because you are subscribed to the Google Groups "ColdBox Platform" group.
For News, visit http://blog.coldbox.org
For Documentation, visit http://wiki.coldbox.org
For Bug Reports, visit https://ortussolutions.atlassian.net/browse/COLDBOX
---
You received this message because you are subscribed to the Google Groups "ColdBox Platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to coldbox+u...@googlegroups.com.
To post to this group, send email to col...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/coldbox/bbf2dd62-8541-48ef-a95a-bd37c6276849%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all

Reply to author

Forward

0 new messages