You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Milt Epstein <me...@uiuc.edu> on 2002/08/08 17:16:56 UTC

Session problem, related to cookies and path

I posted a query about this on tomcat-user, I wanted to post one here
as well to get the developer's perspective on it.

First of all, the system/software being used is:
UNIX (AIX 4.3.3)
Apache 1.3.26
Tomcat 4.0.4
mod_jk

Due to the environment I'm running (as dictated by the sysadmins), I'm
having some problems with sessions.  The environment includes using
Apache's mod_rewrite to rewrite some URL's; for example,

http://servername/examples

becomes

http://servername/~user/http/examples

As a result, sessions aren't working, that is, it wants to set the
session cookie on each request.  This is because the path on the
session cookie is "/~user/http/examples", but since the URL is just
"/examples", the browser is not sending the cookie over.

(Apache knows to forward "/examples" URL's to Tomcat because of some
appropriate JkMount directives.  In addition, I had to modify the
appropriate Context in tomcat's server.xml, setting the path attribute
to "/~user/http/examples" for the docBase "examples".)

Is there some way to handle this problem?  Some way to make Tomcat
aware of the rewriting and have it use the unrewritten URL instead?
Or some way to do further rewiriting in Tomcat before the session
cookie is processed/set?  Or some way to specify a "URLBase" that
conexts are considered relative to, i.e. effectively tell it to remove
the "/~user/http" from the context path?

Note that we may consider solutions that involve rewriting/adding code
to Tomcat (adding code is preferred, since then we can just pop some
classes into the appropriate lib/classes directory and have it work
"out of the box").  Maybe there are some classes we can sub-class to
have it do the additional processing on the URI before it sets the
context, maybe and Engine or Host class.

Also note that automatic application deployment will also not function
as desired because of this rewriting.  So it would be great if there
were a solution that could deal with both these issues (automatic
application deployment and session cookies) at the same time.

Any suggestions/help appreciated.

Milt Epstein
Research Programmer
Systems and Technology Services (STS)
Campus Information Technologies and Educational Services (CITES)
University of Illinois at Urbana-Champaign (UIUC)
mepstein@uiuc.edu


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>