Posted to apache-bugdb@apache.org by Greg Cox <gr...@interpath.net> on 1999/10/11 16:26:35 UTC
mod_proxy/5124: Cookies aren't being passed during a ProxyPass
>Number: 5124
>Category: mod_proxy
>Synopsis: Cookies aren't being passed during a ProxyPass
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Oct 11 07:30:00 PDT 1999
>Last-Modified:
>Originator: greg.cox@interpath.net
>Organization:
apache
>Release: 1.3.4
>Environment:
SunOS [host1] 5.6 Generic_105181-12 sun4u sparc SUNW,Ultra-250
WorkShop Compilers 5.0 98/12/15 C 5.0
Apache/1.3.4 (Unix) with mod_perl
>Description:
I have a pair of matching machines, matching versions of Apache.
The FEM (front-end machine) has the following directives:
ProxyPass /secure/reports http://[host2]/bem
ProxyPassReverse /secure/reports http://[host2]/bem
Users go to FEM/secure/, where they are authenticated against a .htaccess file.
They are then redirected to FEM/secure/reports/ and a cookie is set.
The redirect is issued, and the browser goes to the new URL. The proxying
is successful, but the perl script at http://[host2]/bem/ does not indicate
that it ever received the cookie.
>How-To-Repeat:
Unfortunately, I don't have root on any external systems to provide an example.
Make 2 machines. One proxies to the other. One sets a cookie with a path of '/'.
It then 302 redirects to a ProxyPass URI. The BEM, which is pretending to be
FEM/some/path/ (a URI that should have access to the cookie) never receives the
cookie in its proxy call.
>Fix:
Pass 'em? :-)
>Audit-Trail:
>Unformatted:
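
Added example, not part of the original report and not Apache code: a loopback stand-in for the FEM/BEM pair described under How-To-Repeat, showing what the backend receives when the front end does and does not forward the request's Cookie header. The handler classes, helper names and cookie value are constructed assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE = "session=constructed123"  # constructed sample value, not from the report

def reply(handler, body):
    handler.send_response(200)
    handler.send_header("Content-Length", str(len(body)))
    handler.end_headers()
    handler.wfile.write(body)

def fetch(port, path, headers):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers=headers)
    body = conn.getresponse().read()
    conn.close()
    return body

class Backend(BaseHTTPRequestHandler):
    """Stand-in for the BEM script: echoes the Cookie header it received."""
    def do_GET(self):
        reply(self, (self.headers.get("Cookie") or "NO-COOKIE").encode())
    def log_message(self, *args): pass  # keep the run quiet

def front_end(backend_port, forward_cookie):
    class FrontEnd(BaseHTTPRequestHandler):
        """Stand-in for the FEM mapping /secure/reports to /bem."""
        def do_GET(self):
            cookie = self.headers.get("Cookie")
            headers = {"Cookie": cookie} if forward_cookie and cookie else {}
            path = "/bem" + self.path[len("/secure/reports"):]
            reply(self, fetch(backend_port, path, headers))
        def log_message(self, *args): pass
    return FrontEnd

def serve(handler):
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def backend_sees(forward_cookie):
    """Return what the backend saw for one request sent through the front end."""
    bem = serve(Backend)
    fem = serve(front_end(bem.server_address[1], forward_cookie))
    try:
        return fetch(fem.server_address[1], "/secure/reports/", {"Cookie": COOKIE}).decode()
    finally:
        for server in (fem, bem):
            server.shutdown()
```

The `Backend` handler, bound to a fixed port, can also sit behind a real ProxyPass mapping to check whether the Cookie header arrives there.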