You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Greg Cox <gr...@interpath.net> on 1999/10/11 16:26:35 UTC

mod_proxy/5124: Cookies aren't being passed during a ProxyPass

>Number:         5124
>Category:       mod_proxy
>Synopsis:       Cookies aren't being passed during a ProxyPass
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Oct 11 07:30:00 PDT 1999
>Last-Modified:
>Originator:     greg.cox@interpath.net
>Organization:
apache
>Release:        1.3.4
>Environment:
SunOS [host1] 5.6 Generic_105181-12 sun4u sparc SUNW,Ultra-250
WorkShop Compilers 5.0 98/12/15 C 5.0
Apache/1.3.4 (Unix) with mod_perl
>Description:
I have a pair of matching machines, matching versions of Apache.
The FEM (front-end machine) has the following directives:

  ProxyPass         /secure/reports http://[host2]/bem
  ProxyPassReverse  /secure/reports http://[host2]/bem

Users go to FEM/secure/, where they are authenticated against a .htaccess file.
They are then redirected to FEM/secure/reports/ and a cookie is set.

The redirect is issued, and the browser goes to the new URL.  The proxying
is successful, but the perl script at http://[host2]/bem/ does not indicate
that it ever received the cookie.
>How-To-Repeat:
Unfortunately, I don't have root on any external systems to provide an example.
Make 2 machines.  One proxies to the other.  One sets a cookie with a path of '/'.
It then 302 redirects to a ProxyPass URI.  The BEM, which is pretending to be
FEM/some/path/ (a URI that should have access to the cookie) never receives the
cookie in its proxy call.
>Fix:
Pass 'em?  :-)
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]