tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: mod_jk: confirming JKStripSession setting
Date Tue, 06 Apr 2010 14:41:29 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rainer,

(Forgot to mention I'm using mod_jk 1.2.30 compiled locally)

On 4/3/2010 12:33 PM, Rainer Jung wrote:
> On 01.04.2010 00:21, Christopher Schultz wrote:
>> Except that I have JKStripSession enabled -- at least, I think I do.
> 
> It should respect virtual hosts, one thing that could go wrong.
> JkStripSession actually takes an optional second argument, the start of
> what has to be stripped (by default ";jsessionid").

I have JKStripSession declared inside of the VirtualHost being used in
this case. It goes something like this:

myvirtualhost.conf
<VirtualHost *:80>
  ...

  Include /path/to/custom/*.conf
</VirtualHost>

/path/to/custom/000_mod_jk.conf
  # mod_jk options
  JkStripSession On

/path/to/custom/02_cschultz.conf
  ...

  Alias /context /path/to/static/files
  JkMount /context/*.jsp worker1
  ...

So, that looks good to me so far, but it's still behaving like it's not
stripping the session (that is, my images are broken when ;jsessionid is
a part of the URL).

I can confirm that /path/to/static/files/images/help_widget.gif does in
fact exist: when the ;jsessionid is not part of the URL, the image loads
as expected.

> Debug should show (Apache):
> 
> "removing session identifier [%s] for non servlet url [%s]"

Aah, I'm not sure if I bothered to actually make a request with DEBUG
turned on. I'll check that...

Okay, I can see it:

[Tue Apr 06 14:34:58.061 2010] [7178:3056749456] [debug]
jk_map_to_storage::mod_jk.c (3609): no match for
/context/;jsessionid=4C1E21B0202F52187EB8DF1EE9E1CF85/images/help_widget.gif
found
[Tue Apr 06 14:34:58.061 2010] [7178:3056749456] [debug]
jk_map_to_storage::mod_jk.c (3619): removing session identifier
[;jsessionid=4C1E21B0202F52187EB8DF1EE9E1CF85/images/help_widget.gif]
for non servlet url
[/cschultz-chadis/;jsessionid=4C1E21B0202F52187EB8DF1EE9E1CF85/images/help_widget.gif]

Has it removed too much of the URL? It looks like it's chosen
";jsessionid=4C1E21B0202F52187EB8DF1EE9E1CF85/images/help_widget.gif" as
the session identifier. Am I reading that wrong?

> each time something is actually removed in case Apache has internally
> set r->uri. If it has only set r->filename, nothing will be logged :)
> 
> Could it have to do with something else like PHP involved? Any other
> tricks to map the image URL?

Possible, but unlikely: we're not using PHP on this site, and no other
manipulations are being done (or, no others are intended): it's just a
static .gif file on the disk.

What next?

Thanks,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAku7SBkACgkQ9CaO5/Lv0PB3/QCgr12CmRt1LKfH4eroOq/AyfZT
+S8An0FypAQntqoxth9Ni5/K2nAUEhBR
=otm4
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message