httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wm.A.Stafford" <staff...@marine.rutgers.edu>
Subject Re: [users@httpd] Apache + Tomcat = no session management
Date Fri, 26 Jan 2007 14:37:06 GMT
Sander,

    Thanks a million for all your help! 

    -=bill

Sander Temme wrote:
>
> On Jan 25, 2007, at 1:20 PM, Wm.A.Stafford wrote:
>
>> Sander,
>>
>> Here is a cookie copied from Firefox cookie viewer when
>> the Apache+Tomcat machine was accessed from another machine.
>>
>> Name: JSESSIONID
>> Content: 10FA6EB4F5B24CBA716A7F5DAD1F4B3F
>> Host: iobis.marine.rutgers.edu
>> Path: /OBISDEV
>         ^^^^^^^^
>> Send For: Any type  of connecion
>> Expires: at end of session
>>
>> The URL to access the Apache+Tomcat application is:
>> http://iobis.marine.rutgers.edu/OBISBETA/OBIS.jsp
>                                  ^^^^^^^^^
>>
>> Just a reminder of the mapping from httpd.conf
>> ProxyPass /OBISBETA http://localhost:8082/OBISDEV
>> ProxyPassReverse /OBISBETA localhost:8082/OBISDEV
>                    ^^^^^^^^^               ^^^^^^^^
>
> As you can see, the Path: in the cookie does not match the URL path, 
> so the session cookie will not get sent back to the server.
>
> Since the mod_proxy of Apache 1.3 doesn't support rewriting Cookie 
> paths, your only option is to change the ProxyPass local path to match 
> the back-end (and connect to that), or have Tomcat match its mount 
> path to what the front-end thinks it is.
>
> That's really all I can think of right now.
>
> S.
>
>
>>
>> Thanks,
>> -=bill
>>
>>
>> Sander Temme wrote:
>>>
>>> On Jan 24, 2007, at 11:00 AM, Wm.A.Stafford wrote:
>>>
>>>>    A bit more info has emerged, the admin believes  the Apache 
>>>> version is  1.3.20.
>>>
>>> Running httpd -v will take away any shred of doubt.
>>>
>>>>>    I'll see if there is any interest in moving to the latest 
>>>>> Apache but at this point I think that is probably not an option 
>>>>> because there are a lot of other users of this system and they 
>>>>> would all have to buy in.  So I will need to proceed with 
>>>>> configuration of the existing version.
>>>
>>> Apache has made great strides since 1.3.20.  For starters, any 1.3 
>>> version after that contains security fixes that you might want.  As 
>>> no other changes are made to that branch, an upgrade should not 
>>> cause you any problems.
>>>
>>> The proxy module that came with Apache 1.3 did not have the 
>>> ProxyReverseCookiePath directive that I talked about earlier. See
>>>
>>> http://httpd.apache.org/docs/1.3/mod/mod_proxy.html
>>>
>>> for documentation on the 1.3 mod_proxy module.
>>>
>>> Before we make any more guesses about the nature of your problem, I 
>>> would like to learn from you whether the Cookie path mismatch is 
>>> actually causing your issue.  Could you run the following test on 
>>> your application:
>>>
>>> 1) Clear your browser cache and cookie store
>>> 2) Connect to your application through the Apache proxy and log in
>>> 3) Go back to your cookie store, see if anything emerged and send us 
>>> the
>>>    contents of any JSESSIONID cookies. Feel free to obfuscate as you 
>>> see
>>>    fit, as long as we have enough information to work with (domain 
>>> and path
>>>    are of paramount interest, as well as the complete URL you used to
>>>    access your application in step 2.
>>>
>>> Thanks,
>>>
>>> S.
>>>
>>> --sctemme@apache.org            http://www.temme.net/sander/
>>> PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
> --sctemme@apache.org            http://www.temme.net/sander/
> PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message