目标：一级域名登陆之后二级域名同样会获取用户信息。
Tomcat 下，不同的二级域名，Session 默认是不共享的，因为 Cookie 名称为 JSESSIONID 的 Cookie 根域是默认是没设置的，访问不同的二级域名，其 Cookie 就重新生成，而 session 就是根据这个 Cookie 来生成的，所以在不同的二级域名下生成的 Session 也不一样
tomcat7 + jsp +nginx
查阅各种资料之后总结如下：
>配置nginx 映射成不同的域名。
一级域名：http://www.testxmf.com/
>二级域名：http://tool.testxmf.com 、 http://traffic.testxmf.com
配置tomcat server.xml

    <Engine name="Catalina" defaultHost="localhost">


      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->


      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
<Valve className="org.three3s.valves.CrossSubdomainSessionValve"/>
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
          
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false">
        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->  
      
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t %r %s %b %T" />


         <Context path=""  docBase="/home/wsm/website" reloadable="true" crossContext="true" sessionCookiePath="/" sessionCookieDomain=".testxmf.com"></Context>
      </Host>
    </Engine>

tomcat lib下加入CrossSubdomainSessionValve.jar 这个包

import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
 
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
 
import org.apache.catalina.Globals;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.http.ServerCookie;
 
/**
 * 取代由 Tomcat 域产生的会话 cookie ，允许该会话 cookie 跨子域共享。
 * 
 * Tomcat Server.xml 配置: 
 * <Valve className="me.seanchang.CrossSubdomainSessionValve"/>
 */
public class CrossSubdomainSessionValve extends ValveBase {
	private static Logger log = Logger.getLogger("CrossSubdomainSessionValve");
	public CrossSubdomainSessionValve() {
		super();
		info = "me.seanchang.CrossSubdomainSessionValve/1.0";
	}
 
	@Override
	public void invoke(Request request, Response response) throws IOException,
			ServletException {
		// this will cause Request.doGetSession to create the session cookie if
		// necessary
		request.getSession(true);
 
		// replace any Tomcat-generated session cookies with our own
		Cookie[] cookies = response.getCookies();
		if (cookies != null) {
			for (int i = 0; i < cookies.length; i++) {
				Cookie cookie = cookies[i];
 
				log.info("CrossSubdomainSessionValve: Cookie name is "
						+ cookie.getName());
				if (Globals.SESSION_COOKIE_NAME.equals(cookie.getName()))
					replaceCookie(request, response, cookie);
			}
		}
 
		// process the next valve
		getNext().invoke(request, response);
	}
 
	/**
	 * @param request
	 * @param response
	 * @param cookie
	 * cookie to be replaced.
	 */
	protected void replaceCookie(Request request, Response response, Cookie cookie) {
		// copy the existing session cookie, but use a different domain
		Cookie newCookie = new Cookie(cookie.getName(), cookie.getValue());
		if (cookie.getPath() != null)
			newCookie.setPath(cookie.getPath());
			newCookie.setDomain(getCookieDomain(request));
			newCookie.setMaxAge(cookie.getMaxAge());
			newCookie.setVersion(cookie.getVersion());
		if (cookie.getComment() != null)
			newCookie.setComment(cookie.getComment());
			newCookie.setSecure(cookie.getSecure());
 
		// if the response has already been committed, our replacement strategy
		// will have no effect
		MimeHeaders headers = new MimeHeaders();
		if (response.isCommitted())
 
			log.info("CrossSubdomainSessionValve: response was already committed!");
			// find the Set-Cookie header for the existing cookie and replace its
			// value with new cookie
			headers = response.getCoyoteResponse().getMimeHeaders();
			for (int i = 0, size = headers.size(); i < size; i++) {
				if (headers.getName(i).equals("Set-Cookie")) {
					MessageBytes value = http://www.mamicode.com/headers.getValue(i);>
转自：http://497155382.blog.163.com/blog/static/1949123201391694020/
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html


同一个应用下面多个域名直接跳转