httpd-users mailing list archives

From Kheng-Ee Sim <kheng_ee_...@yahoo.com>
Subject Re: [users@httpd] Apache 2.4.3: Reverse Proxy: Why jsessionid is embedded into URL path of first POST after browser's cookie is cleared
Date Wed, 23 Jan 2013 05:51:01 GMT
Yes, Apache is proxying to Tomcat 6 (backend server).
Those xx.jsp scripts are all in Tomcat 6.

Apache and Tomcat are on different systems.

Followed the ideas in the documentation:
use proxypass and
reverseproxypass
and filter by location/locationmatch.

Will post the Apache config tomorrow.


Sent from my iPhone

On 23/01/2013, at 4:43 PM, Igor Cicimov <icicimov@gmail.com> wrote:

> 
> On Wed, Jan 23, 2013 at 3:53 PM, Kheng_Ee <kheng_ee_sim@yahoo.com> wrote:
>> This is Apache 2.4.3 trace/log talking to Tomcat 6 using reverse proxy (ajp_proxy)
>> 
>> [Wed Jan 23 14:43:58.464172 2013] [proxy_ajp:trace5] [pid 3989] ajp_header.c(598): [client 57.250.242.249:24921] ajp_unmarshal_response: Header[0] [Set-Cookie] = [JSESSIONID=3404058BD1B5FB200B52FA6DA488B343; Path=/dm; Secure], referer: http://xxx.com/ddd.html
> 
> This looks like the cookie (https one) is set by the backend server in the response header, presumably Tomcat. Since you didn't mention what you are proxying to, we can just guess. Also I'll guess that the backend server receives the traffic on the SSL port.
>  
>> 
>> [Wed Jan 23 14:43:58.465125 2013] [http:trace4] [pid 3989] http_filters.c(806): [client 57.250.242.249:24921]   Set-Cookie: JSESSIONID=3404058BD1B5FB200B52FA6DA488B343; Path=/dm; Secure, referer: http://xxx.com/ddd.html
>> 
>> [Wed Jan 23 14:44:02.194316 2013] [core:trace5] [pid 3989] protocol.c(627): [client 57.250.242.249:24921] Request received from client: POST /dm/dm.jsp;jsessionid=3404058BD1B5FB200B52FA6DA488B343 HTTP/1.1
>> 
>> [Wed Jan 23 14:44:02.194953 2013] [http:trace4] [pid 3989] http_request.c(305): [client 57.250.242.249:24921]   Cookie: JSESSIONID=3404058BD1B5FB200B52FA6DA488B343, referer: https://xxx.com/dm/dm.jsp?language=En
>> 
>> [Wed Jan 23 14:44:02.195547 2013] [core:trace3] [pid 3989] request.c(227): [client 57.250.242.249:24921] request authorized without authentication by access_checker_ex hook: /dm/dm.jsp;jsessionid=3404058BD1B5FB200B52FA6DA488B343, referer: https://xxx.com/dm/dm.jsp?language=En
>> 
>> [Wed Jan 23 14:44:06.446938 2013] [http:trace4] [pid 3989] http_request.c(305): [client 57.250.242.249:24921]   Cookie: JSESSIONID=3404058BD1B5FB200B52FA6DA488B343, referer: http://xxx.com/ddd.html
>> 
>> [Wed Jan 23 14:44:06.449677 2013] [proxy_ajp:trace5] [pid 3989] ajp_header.c(293): [client 57.250.242.249:24921] ajp_marshal_into_msgb: Header[7] [Cookie] = [JSESSIONID=3404058BD1B5FB200B52FA6DA488B343], referer: http://xxx.com/ddd.html
>> 
>> [Wed Jan 23 14:44:09.543835 2013] [http:trace4] [pid 3989] http_request.c(305): [client 57.250.242.249:24921]   Cookie: JSESSIONID=3404058BD1B5FB200B52FA6DA488B343, referer: https://xxx.com/dm/dm.jsp?language=En
>> 
>> [Wed Jan 23 14:44:09.546812 2013] [proxy_ajp:trace5] [pid 3989] ajp_header.c(293): [client 57.250.242.249:24921] ajp_marshal_into_msgb: Header[7] [Cookie] = [JSESSIONID=3404058BD1B5FB200B52FA6DA488B343], referer: https://xxx.com/dm/dm.jsp?language=En
>> 
>> The steps taken to produce this log are:
>> 
>> 1) Clear the cookies on the browser and restart the browser.
>> 2) Go to link http://xxx.com/ddd.html (script on Apache). From the html, it is supposed to call "POST /dm/dm.jsp".
>> However, for some strange reason in protocol.c, on this first attempt after the "cookie is cleared on the browser", it is calling POST /dm/dm.jsp;jsessionid=3404058BD1B5FB200B52FA6DA488B343 instead and failed with error 404.
>> 
>> 3) On subsequent attempts, from the html, it will call "POST /dm/dm.jsp" successfully.
>> 
>> 
>> I wonder why, after the browser's cookie is cleared, the first POST is embedded with jsessionid (failed)
>> and subsequent POST is not embedded with jsessionid (successful).
> 
> Would be useful if you send the appropriate snippets of your apache config including the Proxy and VirtualHost (if any) sections and your backend server settings, if Tomcat that would be the Connector sections.
> 
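
A way to locate the affected requests in a trace log like the one quoted in this thread, as an added example that is not part of the original messages: it flags request lines whose path carries a `;jsessionid=` parameter and reports whether the same ID was issued earlier in a Set-Cookie header. The function name and the sample lines are assumptions; the sample is constructed in the quoted log format with a placeholder session ID and documentation-range addresses.

```python
import re

# Constructed sample lines in the trace format quoted in the thread
# (placeholder session ID and client address, not values from the thread).
SAMPLE_LOG = """\
[Wed Jan 23 14:43:58.465125 2013] [http:trace4] [pid 3989] http_filters.c(806): [client 192.0.2.10:24921]   Set-Cookie: JSESSIONID=AAAA1111BBBB2222CCCC3333DDDD4444; Path=/dm; Secure, referer: http://example.test/ddd.html
[Wed Jan 23 14:44:02.194316 2013] [core:trace5] [pid 3989] protocol.c(627): [client 192.0.2.10:24921] Request received from client: POST /dm/dm.jsp;jsessionid=AAAA1111BBBB2222CCCC3333DDDD4444 HTTP/1.1
[Wed Jan 23 14:44:06.446938 2013] [core:trace5] [pid 3989] protocol.c(627): [client 192.0.2.10:24921] Request received from client: POST /dm/dm.jsp HTTP/1.1
"""

# Matches both "Set-Cookie: JSESSIONID=..." and "[Set-Cookie] = [JSESSIONID=...".
SET_COOKIE = re.compile(r"Set-Cookie\W+JSESSIONID=([0-9A-Fa-f]+)")
REQUEST = re.compile(
    r"\[client ([^\]]+)\] Request received from client: (\S+) (\S+) HTTP/")
PATH_PARAM = re.compile(r";jsessionid=([0-9A-Fa-f]+)", re.IGNORECASE)


def find_url_session_ids(log_text):
    """Return one finding per request whose path carries ;jsessionid=..."""
    issued = set()  # session IDs seen in Set-Cookie lines so far
    findings = []
    for line in log_text.splitlines():
        m = SET_COOKIE.search(line)
        if m:
            issued.add(m.group(1).upper())
            continue
        m = REQUEST.search(line)
        if not m:
            continue
        client, method, target = m.groups()
        p = PATH_PARAM.search(target)
        if p:
            findings.append({
                "client": client,
                "method": method,
                "path": PATH_PARAM.sub("", target),   # path without the ID
                "session_id_tail": p.group(1)[-4:],   # avoid re-logging the full ID
                "matches_issued_cookie": p.group(1).upper() in issued,
            })
    return findings


if __name__ == "__main__":
    for finding in find_url_session_ids(SAMPLE_LOG):
        print(finding)
```

Requests reported here have the session ID in the URL path, so the ID also ends up in access logs and in Referer headers sent from that page.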
