httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wm.A.Stafford" <staff...@marine.rutgers.edu>
Subject Re: [users@httpd] Apache + Tomcat = no session management
Date Fri, 26 Jan 2007 18:48:01 GMT
Sander,

    I forgot to ask about one more aspect of this situation.  When we 
first realized that session cookies were not coming in to the app we 
tried url rewriting and that did not resolve the problem.  Does Apache 
1.3 do something to urls that have an explicit session id?
ex. ip_and_context ;jsessionid=blah de blah de blah &params.

    While searching for the solution to this I saw a web page that said 
a rewrite rule was required if url rewriting is used.  Is this the case 
and, if so, could you give me an example rule or direct me to a source 
for this rule.

    Thanks again,
    -=bill

Sander Temme wrote:
>
> On Jan 25, 2007, at 1:20 PM, Wm.A.Stafford wrote:
>
>> Sander,
>>
>> Here is a cookie copied from Firefox cookie viewer when
>> the Apache+Tomcat machine was accessed from another machine.
>>
>> Name: JSESSIONID
>> Content: 10FA6EB4F5B24CBA716A7F5DAD1F4B3F
>> Host: iobis.marine.rutgers.edu
>> Path: /OBISDEV
>         ^^^^^^^^
>> Send For: Any type  of connecion
>> Expires: at end of session
>>
>> The URL to access the Apache+Tomcat application is:
>> http://iobis.marine.rutgers.edu/OBISBETA/OBIS.jsp
>                                  ^^^^^^^^^
>>
>> Just a reminder of the mapping from httpd.conf
>> ProxyPass /OBISBETA http://localhost:8082/OBISDEV
>> ProxyPassReverse /OBISBETA localhost:8082/OBISDEV
>                    ^^^^^^^^^               ^^^^^^^^
>
> As you can see, the Path: in the cookie does not match the URL path, 
> so the session cookie will not get sent back to the server.
>
> Since the mod_proxy of Apache 1.3 doesn't support rewriting Cookie 
> paths, your only option is to change the ProxyPass local path to match 
> the back-end (and connect to that), or have Tomcat match its mount 
> path to what the front-end thinks it is.
>
> That's really all I can think of right now.
>
> S.
>
>
>>
>> Thanks,
>> -=bill
>>
>>
>> Sander Temme wrote:
>>>
>>> On Jan 24, 2007, at 11:00 AM, Wm.A.Stafford wrote:
>>>
>>>>    A bit more info has emerged, the admin believes  the Apache 
>>>> version is  1.3.20.
>>>
>>> Running httpd -v will take away any shred of doubt.
>>>
>>>>>    I'll see if there is any interest in moving to the latest 
>>>>> Apache but at this point I think that is probably not an option 
>>>>> because there are a lot of other users of this system and they 
>>>>> would all have to buy in.  So I will need to proceed with 
>>>>> configuration of the existing version.
>>>
>>> Apache has made great strides since 1.3.20.  For starters, any 1.3 
>>> version after that contains security fixes that you might want.  As 
>>> no other changes are made to that branch, an upgrade should not 
>>> cause you any problems.
>>>
>>> The proxy module that came with Apache 1.3 did not have the 
>>> ProxyReverseCookiePath directive that I talked about earlier. See
>>>
>>> http://httpd.apache.org/docs/1.3/mod/mod_proxy.html
>>>
>>> for documentation on the 1.3 mod_proxy module.
>>>
>>> Before we make any more guesses about the nature of your problem, I 
>>> would like to learn from you whether the Cookie path mismatch is 
>>> actually causing your issue.  Could you run the following test on 
>>> your application:
>>>
>>> 1) Clear your browser cache and cookie store
>>> 2) Connect to your application through the Apache proxy and log in
>>> 3) Go back to your cookie store, see if anything emerged and send us 
>>> the
>>>    contents of any JSESSIONID cookies. Feel free to obfuscate as you 
>>> see
>>>    fit, as long as we have enough information to work with (domain 
>>> and path
>>>    are of paramount interest, as well as the complete URL you used to
>>>    access your application in step 2.
>>>
>>> Thanks,
>>>
>>> S.
>>>
>>> --sctemme@apache.org            http://www.temme.net/sander/
>>> PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
> --sctemme@apache.org            http://www.temme.net/sander/
> PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message