
How to set cookie domain and path with Spring boot

In Tomcat, we can do it like this:

<Context useHttpOnly="true" sessionCookiePath="/" sessionCookieDomain=".XXXX.com"/>

I want to share the cookie for the second-level domain with Spring Boot. How can I do it?

zhe zhu asked Jan 22 '16 07:01



2 Answers

Settings for the server that Spring Boot embeds are available as application properties (listed here under the section # EMBEDDED SERVER CONFIGURATION and the namespace server.servlet.session.cookie.*).

The equivalent to the Tomcat config from above should be:

# properties in /src/resources/application.properties
server.servlet.session.cookie.domain=.XXXX.com
server.servlet.session.cookie.http-only=true
server.servlet.session.cookie.path=/
sthzg answered Oct 19 '22 01:10
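
What the domain and path settings in the answer above mean for cookie scope, as an added example that is not part of the original answer: a plain-Java model of the RFC 6265 domain-match and path-match rules, showing which hosts receive the session cookie with and without the Domain attribute. The class name, host names and request path are constructed for illustration.

```java
import java.util.Locale;

// Added example: models RFC 6265 cookie scoping; not Spring or Tomcat code.
public class CookieScopeDemo {

    // RFC 6265 section 5.2.3: a leading dot in the Domain attribute is ignored,
    // and comparison is case-insensitive.
    static String normalize(String domainAttr) {
        String d = domainAttr.toLowerCase(Locale.ROOT);
        return d.startsWith(".") ? d.substring(1) : d;
    }

    // RFC 6265 section 5.1.3 domain-match. A null domainAttr means no Domain
    // attribute was sent, so the cookie is host-only (section 5.3).
    // IP-address hosts are not handled in this model.
    static boolean domainMatches(String setByHost, String domainAttr, String requestHost) {
        String host = requestHost.toLowerCase(Locale.ROOT);
        if (domainAttr == null) {
            return host.equals(setByHost.toLowerCase(Locale.ROOT));
        }
        String d = normalize(domainAttr);
        // The suffix must start at a label boundary: "notxxxx.com" does not match "xxxx.com".
        return host.equals(d) || host.endsWith("." + d);
    }

    // RFC 6265 section 5.1.4 path-match.
    static boolean pathMatches(String cookiePath, String requestPath) {
        if (requestPath.equals(cookiePath)) {
            return true;
        }
        return requestPath.startsWith(cookiePath)
                && (cookiePath.endsWith("/") || requestPath.charAt(cookiePath.length()) == '/');
    }

    static boolean isSent(String setByHost, String domainAttr, String cookiePath,
                          String requestHost, String requestPath) {
        return domainMatches(setByHost, domainAttr, requestHost)
                && pathMatches(cookiePath, requestPath);
    }

    public static void main(String[] args) {
        // Constructed sample hosts; xxxx.com stands in for the placeholder used in the question.
        String[] hosts = {"app.xxxx.com", "blog.xxxx.com", "xxxx.com", "notxxxx.com"};
        for (String host : hosts) {
            boolean shared = isSent("app.xxxx.com", ".XXXX.com", "/", host, "/account");
            boolean hostOnly = isSent("app.xxxx.com", null, "/", host, "/account");
            System.out.printf("%-14s domain-set=%-5b host-only=%b%n", host, shared, hostOnly);
        }
    }
}
```

With the Domain attribute set, every host under XXXX.com receives the session cookie, so each application on a subdomain can read it; without the attribute, only the host that set the cookie does.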


(This applies to Spring 1.5.x at the time of this writing)

To add to @radrocket81's reply, here's some example code. This is also how you set the max-age and other properties of Spring Boot cookies if you enabled Redis sessions with @EnableRedisHttpSession, as the application property server.session won't be applied.

@Bean
public <S extends ExpiringSession> SessionRepositoryFilter<? extends ExpiringSession> springSessionRepositoryFilter(SessionRepository<S> sessionRepository, ServletContext servletContext) {
    SessionRepositoryFilter<S> sessionRepositoryFilter = new SessionRepositoryFilter<S>(sessionRepository);
    sessionRepositoryFilter.setServletContext(servletContext);
    CookieHttpSessionStrategy httpSessionStrategy = new CookieHttpSessionStrategy();
    httpSessionStrategy.setCookieSerializer(this.cookieSerializer());
    sessionRepositoryFilter.setHttpSessionStrategy(httpSessionStrategy);
    return sessionRepositoryFilter;
}

private CookieSerializer cookieSerializer() {
    DefaultCookieSerializer serializer = new DefaultCookieSerializer();
    serializer.setCookieName("CUSTOM_SESSION_KEY");
    serializer.setDomainName("domain.com");
    serializer.setCookiePath("/");
    serializer.setCookieMaxAge(10); //Set the cookie max age in seconds, e.g. 10 seconds
    return serializer;
}
EwyynTomato answered Oct 19 '22 02:10