tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Fix the cookie path with mod_jk
Date Tue, 19 Apr 2011 22:53:14 GMT 
Thomas Freitag wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Chris,
> 
> On 18.04.11 um 16:42, Christopher Schultz wrote:
>> Thomas,
>>
>> On 4/18/2011 3:34 AM, Thomas Freitag wrote:
>>> Hi Yu
>>>
>>> On 18.04.11 um 16:19, Yu Kikuchi wrote:
>>>> Hello All.
>>>> My Environment of Application Server is:
>>>> Apache 2.2.3, mod_jk 1.2.30, JBoss 5.0.0GA
>>>> I want to rewrite the Path contained in cookies. For example;
>>>> From) Set-Cookie JSESSIONID=794CC361C468123CA1D187B9C5F5FAA5; Path=/foo
>>>> To  ) Set-Cookie JSESSIONID=794CC361C468123CA1D187B9C5F5FAA5; Path=/bar
>>>> Appearing below is a good documentation about mod_jk,
>>>> but it doesn't mention about when I use mod_jk with before Apache 2.2.3.
>>>> The Apache Tomcat Connector - Generic HowTo "Reverse Proxy HowTo"
>>>> http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html#URL Rewriting
>>>> Does anyone know any good ideas?
>>>> Or should I ask ApacheML about this problem?
>>> The recipes in the HowTo you mentioned won't work with Apache httpd
>>> 2.2.3, because mod_headers supports the edit function only for Version
>>> 2.2.4 and newer.
>> Using mod_rewrite will probably work with previous versions. Just
>> speculating, here.
> 
> Fixing/altering outgoing (response) headers is beyond the
> functionality of mod_rewrite. The other parts work with mod_rewrite,
> but mod_headers (with its edit functionality) is an important part in
> this use case.
> 

Getting back to the original issue, Thomas seems to be right when he says that if the 
cookie path is set to /foo, the browser will return it also for URLs such as /foobar and 
/foofoo.
 From the Cookie RFCs, i gather that the cookie path is taken as a *prefix*, and /foo is a

prefix of /foobar.

Now the issue is : who is setting the cookie path ?  if it is the application, and if this

is a concern, then I would suggest to fix the application.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Mime
View raw message