playframework session sharing across subdomain
568 views
Skip to first unread message
cunghi
Nov 17, 2009, 3:28:58 AM11/17/09
to play-framework
Hi all,
We are developing a web application using Play and the site content
are customized by subdomain (subdomain is for each city).
Fox example: cali.site.com for users in Cali
texas.site.com for users in texas
We would like a user login to cali site and can be viewed as logined
if they visit cali or texas by putting his status in session. However,
Play will create a new session for each subdomain, this will prevent
implementing the above function.
In standard java servlet session, we can share session data if
everything is in the same web application, but this cann't be done in
Play
I have view Play documents, source code and found that Play implement
session, flash objects via cookie. However, Play framework cookie is
missing cross domain cookie sharing (view another post of mine about
this) comparing to standard java cookie.
Here is the source code of Play Cookie without domain property, this
will make sharing cross domain cookie and session in one web
application impossible.
/**
* An HTTP Cookie
*/
public static class Cookie implements Serializable {
/**
* Cookie name
*/
public String name;
/**
* Cookie path
*/
public String path = "/";
/**
* for HTTPS ?
*/
public boolean secure = false;
/**
* Cookie value
*/
public String value;
public boolean sendOnError = false;
public Integer maxAge;
}
Ref: how to implement cross domain cookie sharing using standard Java
Servlet.
Note: the cookie.setDomain method which Play framework doesn't support
http://www.davidthielen.info/programming/2005/09/cross_domain_co.html
Thanks,
We are developing a web application using Play and the site content
are customized by subdomain (subdomain is for each city).
Fox example: cali.site.com for users in Cali
texas.site.com for users in texas
We would like a user login to cali site and can be viewed as logined
if they visit cali or texas by putting his status in session. However,
Play will create a new session for each subdomain, this will prevent
implementing the above function.
In standard java servlet session, we can share session data if
everything is in the same web application, but this cann't be done in
Play
I have view Play documents, source code and found that Play implement
session, flash objects via cookie. However, Play framework cookie is
missing cross domain cookie sharing (view another post of mine about
this) comparing to standard java cookie.
Here is the source code of Play Cookie without domain property, this
will make sharing cross domain cookie and session in one web
application impossible.
/**
* An HTTP Cookie
*/
public static class Cookie implements Serializable {
/**
* Cookie name
*/
public String name;
/**
* Cookie path
*/
public String path = "/";
/**
* for HTTPS ?
*/
public boolean secure = false;
/**
* Cookie value
*/
public String value;
public boolean sendOnError = false;
public Integer maxAge;
}
Ref: how to implement cross domain cookie sharing using standard Java
Servlet.
Note: the cookie.setDomain method which Play framework doesn't support
http://www.davidthielen.info/programming/2005/09/cross_domain_co.html
Thanks,
David Marko
Nov 17, 2009, 8:08:33 AM11/17/09
to play-framework
Guillaume Bort
Nov 17, 2009, 8:10:29 AM11/17/09
to play-fr...@googlegroups.com
This issue has already been fixed in the trunk. Search in the bug
tracker. However the standars cookies session,flash) still not use it.
tracker. However the standars cookies session,flash) still not use it.
cunghi
Nov 17, 2009, 11:34:37 AM11/17/09
to play-framework
Hi David,
Thank you for your help
Thank you for your help
cunghi
Nov 17, 2009, 12:16:07 PM11/17/09
to play-framework
Hi David,
I have viewed the 1.1 source code revision 667 and it seems that the
bug 478890 is not fixed completely
In HttpHandler, the following source code has setDomain to low layer
server based on Play Framework cookie.domain
if (cookie.domain != null) {
c.setDomain(cookie.domain);
}
However, application developers cannot use the the cross domain
because the following source in Http doesn't support setting domain
for Play Framework cookie
/**
352
* Set a new cookie
353
* @param name Cookie name
354
* @param value Cookie value
355
*/
356 410
public void setCookie(String name, String value) {
357
setCookie(name, value, (Integer) null);
358 288
}
359 410
360 288
/**
361
* Set a new cookie that will expire in (current) + duration
362
* @param name
363
* @param value
364
* @param duration Ex: 3d
365
*/
366 410
public void setCookie(String name, String value, String
duration) {
367
int expire = Time.parseDuration(duration);
368
setCookie(name, value, Integer.valueOf(expire));
369 288
}
370 410
371 288
public void setCookie(String name, String value, Integer
maxAge) {
372 46
if (cookies.containsKey(name)) {
373 32.1.50
cookies.get(name).value = value;
374 410
if (maxAge != null) {
375
cookies.get(name).maxAge = maxAge;
376
}
377 32.1.50
} else {
378
Cookie cookie = new Cookie();
379
cookie.name = name;
380
cookie.value = value;
381 410
if (maxAge != null) {
382
cookie.maxAge = maxAge;
383
}
384 32.1.50
cookies.put(name, cookie);
385
}
386 32.1.3
}
The Play Framework need to provide more methods with domain for cookie
in Http in order to fix cross domain and session sharing.
Thanks,
I have viewed the 1.1 source code revision 667 and it seems that the
bug 478890 is not fixed completely
In HttpHandler, the following source code has setDomain to low layer
server based on Play Framework cookie.domain
if (cookie.domain != null) {
c.setDomain(cookie.domain);
}
However, application developers cannot use the the cross domain
because the following source in Http doesn't support setting domain
for Play Framework cookie
/**
352
* Set a new cookie
353
* @param name Cookie name
354
* @param value Cookie value
355
*/
356 410
public void setCookie(String name, String value) {
357
setCookie(name, value, (Integer) null);
358 288
}
359 410
360 288
/**
361
* Set a new cookie that will expire in (current) + duration
362
* @param name
363
* @param value
364
* @param duration Ex: 3d
365
*/
366 410
public void setCookie(String name, String value, String
duration) {
367
int expire = Time.parseDuration(duration);
368
setCookie(name, value, Integer.valueOf(expire));
369 288
}
370 410
371 288
public void setCookie(String name, String value, Integer
maxAge) {
372 46
if (cookies.containsKey(name)) {
373 32.1.50
cookies.get(name).value = value;
374 410
if (maxAge != null) {
375
cookies.get(name).maxAge = maxAge;
376
}
377 32.1.50
} else {
378
Cookie cookie = new Cookie();
379
cookie.name = name;
380
cookie.value = value;
381 410
if (maxAge != null) {
382
cookie.maxAge = maxAge;
383
}
384 32.1.50
cookies.put(name, cookie);
385
}
386 32.1.3
}
The Play Framework need to provide more methods with domain for cookie
in Http in order to fix cross domain and session sharing.
Thanks,
cunghi
Nov 17, 2009, 12:16:19 PM11/17/09
to play-framework
On Nov 17, 8:10 pm, Guillaume Bort <guillaume.b...@gmail.com> wrote:
> This issue has already been fixed in the trunk. Search in the bug
> tracker. However the standars cookies session,flash) still not use it.
>
Reply all
Reply to author
Forward
0 new messages