[tomcat] context간 세션 공유

출처 : jononeworld.tistory.com/36

 

하나의 was에 여러개의 프로젝트(컨텍스트)가 존재할 경우 일반적으로

서로간 세션의 공유가 되지 않는다.

이때 각 컨텍스트간의 세션이 공유될 수 있는 방법을 알아보자.

 

1. $catalina_home$/conf/context.xml의 변경 

<!-- The contents of this file will be loaded for each web application --> <Context>       <!-- Default set of monitored resources -->     <WatchedResource>WEB-INF/web.xml</WatchedResource>       <!-- Uncomment this to disable session persistence across Tomcat restarts -->     <!--     <Manager pathname="" />     -->

 

위의 컨텍스트를 아래와 같이 바꿔준다. crossContext="true"

<!-- The contents of this file will be loaded for each web application --> <Context crossContext="true">       <!-- Default set of monitored resources -->     <WatchedResource>WEB-INF/web.xml</WatchedResource>       <!-- Uncomment this to disable session persistence across Tomcat restarts -->     <!--     <Manager pathname="" />     -->

 

 

2. $catalina_home$/conf/server.xml 변경 : emptySessionPath="true"

<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" emptySessionPath="true"/>

<Connector>에 emptySessionPath="true" 속성을 추가한다.

 

3. 세션 셋

request.getSession().getServletContext().setAttribute("ssUserId", userId);

 

4. 세션 겟

String ssUserId =  (String) request.getSession().getServletContext().getContext("/").getAttribute("ssUserId");

 

---------------

실 적용 사례

 

로그인 context간 세션공유.xlsx

0.01MB

---------------

emptySessionPath="true" 의 기능

 

위와 같이 설정하면 JSESSIONID cookie가 "/" context에 쓰여진다.??

각 context가 같은 JSESSIONID를 갖는다는 의미?? 좀 더 테스트 필요하다.

 

The emptySessionPath field just states whether the all cookie should be stored in the root URL path / (if emptySessionPath=true) or not (otherwise).

This is used by Apache's Connector. See details here (This is for AJP Connector, which is part of the Connnector object).

What this basically means is:

If emptySessionPath is enabled in tomcat, the JSESSIONID cookie is written to the root "/" path. This means that whatever webapp you are on will use the same cookie. Each webapp will re-write the cookie's value to hold that webapp's session id, and they are all different.

When this is enabled and servlets in different webapps are used, requests from the same user to different servlets will end up overwriting the cookie so that when the servlet is again interacted with it will create a new session and loose the session it had already set up.

If emptySessionPath is not set, there are multiple cookies in the browser, one for each webapp (none at the root), so different webapps are not re-writing each other's cookie as above.

JSESSIONID is the ID Session for your Webapp. See a full explanation here.

Update: This information about usage is somewhat outdated - see here for a more up-to-date information on how to set the Session path also for recent tomcat.