You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lenya.apache.org by Jörn Nettingsmeier <ne...@apache.org> on 2007/11/07 21:40:37 UTC
proxy and session...
hi!
sorry for a potentially stupid question, but proxy debugging does funny
things to one's brain.
i think i have most redirection bugs tackled by now, but somehow i lost
session persistence.
at some point during my debugging sessions, ";jsessionid=" parameters
crept into my querystrings, which iiuc is a fallback when cookies don't
work. cookies are likely broken due to proxying (i know there is an
apache option to fix this, but i haven't tried it yet). but why is the
session id not persistent? after clicking on any old link in the lenya
gui, i'm asked to re-login and get a new session id...
any takers?
--
Jörn Nettingsmeier
"One of my most productive days was throwing away 1000 lines of code."
- Ken Thompson.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: proxy and session...
Posted by Jörn Nettingsmeier <ne...@apache.org>.
andreas, michi, jann,
thanks for your valuable hints. i have a working proxy setup now, which
has been committed to tools/proxytest.
i would appreciate everyone's comments, so that we can establish a
proxying best practice for production, which can also serve as a
standardized test setup to keep watch on our context and proxying
behaviour (which, as you all will recall, tends to go to pieces easily
since it's not part of our daily regression testing routine).
please review tools/proxytest/README, so that it can be merged into the
official documentation real soon now.
regards,
jörn
--
Jörn Nettingsmeier
"One of my most productive days was throwing away 1000 lines of code."
- Ken Thompson.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: proxy and session...
Posted by Michael Wechner <mi...@wyona.com>.
Jörn Nettingsmeier wrote:
> hi!
>
> sorry for a potentially stupid question, but proxy debugging does
> funny things to one's brain.
>
> i think i have most redirection bugs tackled by now, but somehow i
> lost session persistence.
> at some point during my debugging sessions, ";jsessionid=" parameters
> crept into my querystrings, which iiuc is a fallback when cookies
> don't work. cookies are likely broken due to proxying (i know there is
> an apache option to fix this, but i haven't tried it yet).
upgrade your httpd to 2.2 or higher and use something like
ProxyPassReverseCookiePath /$PREFIX /
and your cookies should work
Cheers
Michael
> but why is the session id not persistent? after clicking on any old
> link in the lenya gui, i'm asked to re-login and get a new session id...
>
> any takers?
>
>
--
Michael Wechner
Wyona - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
michael.wechner@wyona.com michi@apache.org
+41 44 272 91 61
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: proxy and session...
Posted by Jann Forrer <ja...@id.unizh.ch>.
Jörn Nettingsmeier wrote:
> Andreas Hartmann wrote:
>> Jörn Nettingsmeier schrieb:
>>> hi!
>>>
>>> sorry for a potentially stupid question, but proxy debugging does funny
>>> things to one's brain.
>>>
>>> i think i have most redirection bugs tackled by now, but somehow i lost
>>> session persistence.
>>> at some point during my debugging sessions, ";jsessionid=" parameters
>>> crept into my querystrings, which iiuc is a fallback when cookies don't
>>> work. cookies are likely broken due to proxying (i know there is an
>>> apache option to fix this, but i haven't tried it yet). but why is the
>>> session id not persistent? after clicking on any old link in the lenya
>>> gui, i'm asked to re-login and get a new session id...
>>
>> Are you running Lenya in a non-root context, so that the Apache and
>> Servlet paths don't match? In Tomcat, you can set the "emptySessionPath"
>> attribute of the context to "true". No idea about Jetty, though.
>
> yeah. context is /webapp. to make things even more interesting, the
> servlet url is ajp://localhost:8009/webapp/default/authoring, whereas
> the proxy url is http://www.example.com/lenya/customer/authoring (i'm
> hiding the pub id and use some other path). global proxy is
> http://www.example.com/lenya.
>
> what does "emptySessionPath" do exactly?
> i'll google for some jetty equivalent tomorrow...
>
As far as i know tomcat sets the path variable in your cookie to /
instead of /webapp if emptySessionPath is true. That means the cookie
information is send to the app for each request http://localhost/.....
If this is not set, the cookie information is only sent if your request
is http://localhost/webapp i.e. your cookie path is equal to /webapp.
BTW did you check the path variable in your browsers cookie? What is
it's value? I could imagine that it is /webapp but your request is
something like http://www.example.com/lenya/..... due to your proxy
settings. That means the path in your cookie (/webapp) does not match
/lenya in the request and hence the cookie information is not sent to
the app :-( and a new session will be created.
IMHO there are at least two possibilities to solve that problem:
1. use emptySessionPath in your tomcat setup or
2. use proxy setting which have the real application context in it in
your case http://www.example.com/webapp/customer/authoring instead of
http://www.example.com/lenya/customer/authoring
3. I did not know whether Michis solution works with your setup.
HTH
Jann
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: proxy and session...
Posted by Jörn Nettingsmeier <ne...@apache.org>.
Andreas Hartmann wrote:
> Jörn Nettingsmeier schrieb:
>> hi!
>>
>> sorry for a potentially stupid question, but proxy debugging does funny
>> things to one's brain.
>>
>> i think i have most redirection bugs tackled by now, but somehow i lost
>> session persistence.
>> at some point during my debugging sessions, ";jsessionid=" parameters
>> crept into my querystrings, which iiuc is a fallback when cookies don't
>> work. cookies are likely broken due to proxying (i know there is an
>> apache option to fix this, but i haven't tried it yet). but why is the
>> session id not persistent? after clicking on any old link in the lenya
>> gui, i'm asked to re-login and get a new session id...
>
> Are you running Lenya in a non-root context, so that the Apache and
> Servlet paths don't match? In Tomcat, you can set the "emptySessionPath"
> attribute of the context to "true". No idea about Jetty, though.
yeah. context is /webapp. to make things even more interesting, the
servlet url is ajp://localhost:8009/webapp/default/authoring, whereas
the proxy url is http://www.example.com/lenya/customer/authoring (i'm
hiding the pub id and use some other path). global proxy is
http://www.example.com/lenya.
what does "emptySessionPath" do exactly?
i'll google for some jetty equivalent tomorrow...
'night,
jörn
--
Jörn Nettingsmeier
"One of my most productive days was throwing away 1000 lines of code."
- Ken Thompson.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: proxy and session...
Posted by Andreas Hartmann <an...@apache.org>.
Jörn Nettingsmeier schrieb:
> hi!
>
> sorry for a potentially stupid question, but proxy debugging does funny
> things to one's brain.
>
> i think i have most redirection bugs tackled by now, but somehow i lost
> session persistence.
> at some point during my debugging sessions, ";jsessionid=" parameters
> crept into my querystrings, which iiuc is a fallback when cookies don't
> work. cookies are likely broken due to proxying (i know there is an
> apache option to fix this, but i haven't tried it yet). but why is the
> session id not persistent? after clicking on any old link in the lenya
> gui, i'm asked to re-login and get a new session id...
Are you running Lenya in a non-root context, so that the Apache and
Servlet paths don't match? In Tomcat, you can set the "emptySessionPath"
attribute of the context to "true". No idea about Jetty, though.
-- Andreas
--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org