I am developing a centralized admin module for multiple products. I am trying to maintain the same session across multiple products.


For Product1: Authenticates successfully and sends the token in a response header

Request URL:http://localhost:8080/admin-web/rest/authenticate/

Request Headers

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:localhost:8080
Origin:http://product1.com:9090
Pragma:no-cache
Referer:http://product1.com:9090/p1/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36

Response Headers

Set-Cookie:token=asdf123sfs1f23sfsf321sfsf21; Version=1; Comment=""; Domain=localhost; Path=/ <------------------------------------???
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://product1.com:9090
Content-Encoding:gzip
Content-Type:application/json
Date:Mon, 13 Nov 2017 12:38:27 GMT
Server:Apache-Coyote/1.1
Transfer-Encoding:chunked
Vary:Origin
Vary:Accept-Encoding


For Product2:

Request URL:http://localhost:8080/admin-web/rest/authenticate/

Request Headers

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Content-Length:156
Content-Type:application/json;charset=UTF-8
Host:localhost:8080
Origin:http://product2.com:9090
Pragma:no-cache
Referer:http://product2.com:9090/p2/
token:null <------------------------------------???
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36


When doing product2 authentication after product1 authentication, the token is found to be null. If I deploy product1 on the same domain, it works fine. So, I want to use the token header for the same service URL in another product's request. How can I do it? Please find my CORS configuration below:

<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>

    <init-param>
        <param-name>cors.allowOrigin</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportedMethods</param-name>
        <param-value>GET, HEAD, POST, OPTIONS, PUT, DELETE</param-value>
    </init-param>
</filter>
sideshowbarker
Darshan Patel

1 Answer

I have resolved this by creating a subdomain for each product, just like Google, where I can share cookies across subdomains.

Reference: Share cookie between subdomain and domain

piet.t
Darshan Patel
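
The scoping rule behind this answer, as an added example that is not part of the original posts: a simplified JavaScript model of RFC 6265 domain matching, showing why the question's `Domain=localhost` cookie is not available on product2.com while a parent-domain cookie is shared by sibling subdomains. The `example.test` hostnames, the cookie values and all function names are assumptions made for illustration.

```javascript
// Cookie scoping per RFC 6265 (sections 5.1.3 and 5.3), simplified.
// Not modelled: Path, Secure, SameSite and the public-suffix check.
// Hostnames under example.test are assumed; the others come from the question.

// RFC 6265 5.1.3: host domain-matches cookieDomain if they are equal, or if
// host ends with "." + cookieDomain and host is not an IP address.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Model of storing a cookie: returns null when the browser would reject it.
function storeCookie(settingHost, name, value, domainAttr) {
  if (domainAttr === undefined) {
    // No Domain attribute: host-only cookie, bound to the exact setting host.
    return { name, value, domain: settingHost.toLowerCase(), hostOnly: true };
  }
  // A server may only name a domain that its own host domain-matches.
  if (!domainMatches(settingHost, domainAttr)) return null;
  const domain = domainAttr.toLowerCase().replace(/^\./, "");
  return { name, value, domain, hostOnly: false };
}

// Is the stored cookie in scope for (sent to / readable on) this host?
function visibleTo(cookie, host) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatches(host, cookie.domain);
}

function demo() {
  const fromQuestion = storeCookie("localhost", "token", "constructed-value", "localhost");
  const crossSite = storeCookie("product1.com", "token", "constructed-value", "product2.com");
  const shared = storeCookie("p1.example.test", "token", "constructed-value", "example.test");
  return {
    questionCookieOnProduct2: visibleTo(fromQuestion, "product2.com"),
    questionCookieOnLocalhost: visibleTo(fromQuestion, "localhost"),
    product1SettingForProduct2: crossSite !== null,
    sharedOnP2: visibleTo(shared, "p2.example.test"),
    sharedOnLookalike: visibleTo(shared, "notexample.test")
  };
}
console.log(demo());
```

A cookie scoped to the parent domain is in scope for every host under that domain, so each subdomain has to be trusted with the token.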