tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 38760] New: - path of JSESSIONID cookie (and possibly others) is passed through incorrectly
Date Thu, 23 Feb 2006 03:31:44 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38760>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38760

           Summary: path of JSESSIONID cookie (and possibly others) is
                    passed through incorrectly
           Product: Tomcat 5
           Version: 5.0.30
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: brian.bonner@paraware.com


If Apache is used as a proxy in front of tomcat using ProxyPass and
ProxyPassreverse with a path different than the path specified in the context of
the tomcat webapp, tomcat returns the cookie using the path associated with the
context of the webapp instead of the initial request path as seen from the client.

i.e.

ProxyPass         /test   http://192.168.1.10/secured
ProxyPassReverse  /test   http://192.168.1.10/secured

In this case, the request is submitted to Apache web server as
http://somedomain.com/test/index.html,  ProxyPass translates this request to
http://192.168.1.10/secured/index.html.  if a cookie is placed on the request,
it should be placed at:

domain:  somedomain.com
path: /test

However instead, tomcat places it at:

domain: somedomain.com
path: /secured

When trying to login, Apache ends up logging a 408 error.

I have not been able to trace through the code where the cookies are set inside
Tomcat.

If you set the ProxyPass, ProxyPassReverse to be the same path, this error does
not occur, however this severely hinders the flexibility of the proxy.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message