You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jim Roycroft <ji...@codesilver.ca> on 2007/02/08 20:25:03 UTC

Re: [users@httpd] Apache + Tomcat = no session management

There may be another alternative here if you are running Tomcat 5.5:

Set the proxyName, proxyPort, and emptySessionPath within your connector in
Tomcat's server.xml file.

In this case, I would set proxyName="iobis.marine.rutgers.edu",
proxyPort="80", and emptySessionpath="true".

This should result in Tomcat setting a cookie (which will get sent through
the proxy) with the external hostname, the external port, and a "/" where
"/OBISDEV" used to be.

This means you don't have to use the ProxyPassReverseCookieDomain and
ProxyPassReverseCookiePath directives from Apache 2.2 (even if you had that
option).

I hope I haven't missed anything here (I am assuming you are only running
one Tomcat server behind the proxy).

Have a look at the "Proxy Support HOWTO" and the Server Config Reference in
the Tomcat docs for more info.

Jim



Wm.A.Stafford wrote:
> 
> Sander,
> 
>     Thanks a million for all your help! 
> 
>     -=bill
> 
> Sander Temme wrote:
>>
>> On Jan 25, 2007, at 1:20 PM, Wm.A.Stafford wrote:
>>
>>> Sander,
>>>
>>> Here is a cookie copied from Firefox cookie viewer when
>>> the Apache+Tomcat machine was accessed from another machine.
>>>
>>> Name: JSESSIONID
>>> Content: 10FA6EB4F5B24CBA716A7F5DAD1F4B3F
>>> Host: iobis.marine.rutgers.edu
>>> Path: /OBISDEV
>>         ^^^^^^^^
>>> Send For: Any type  of connecion
>>> Expires: at end of session
>>>
>>> The URL to access the Apache+Tomcat application is:
>>> http://iobis.marine.rutgers.edu/OBISBETA/OBIS.jsp
>>                                  ^^^^^^^^^
>>>
>>> Just a reminder of the mapping from httpd.conf
>>> ProxyPass /OBISBETA http://localhost:8082/OBISDEV
>>> ProxyPassReverse /OBISBETA localhost:8082/OBISDEV
>>                    ^^^^^^^^^               ^^^^^^^^
>>
>> As you can see, the Path: in the cookie does not match the URL path, 
>> so the session cookie will not get sent back to the server.
>>
>> Since the mod_proxy of Apache 1.3 doesn't support rewriting Cookie 
>> paths, your only option is to change the ProxyPass local path to match 
>> the back-end (and connect to that), or have Tomcat match its mount 
>> path to what the front-end thinks it is.
>>
>> That's really all I can think of right now.
>>
>> S.
>>
>>
>>>
>>> Thanks,
>>> -=bill
>>>
>>>
>>> Sander Temme wrote:
>>>>
>>>> On Jan 24, 2007, at 11:00 AM, Wm.A.Stafford wrote:
>>>>
>>>>>    A bit more info has emerged, the admin believes  the Apache 
>>>>> version is  1.3.20.
>>>>
>>>> Running httpd -v will take away any shred of doubt.
>>>>
>>>>>>    I'll see if there is any interest in moving to the latest 
>>>>>> Apache but at this point I think that is probably not an option 
>>>>>> because there are a lot of other users of this system and they 
>>>>>> would all have to buy in.  So I will need to proceed with 
>>>>>> configuration of the existing version.
>>>>
>>>> Apache has made great strides since 1.3.20.  For starters, any 1.3 
>>>> version after that contains security fixes that you might want.  As 
>>>> no other changes are made to that branch, an upgrade should not 
>>>> cause you any problems.
>>>>
>>>> The proxy module that came with Apache 1.3 did not have the 
>>>> ProxyReverseCookiePath directive that I talked about earlier. See
>>>>
>>>> http://httpd.apache.org/docs/1.3/mod/mod_proxy.html
>>>>
>>>> for documentation on the 1.3 mod_proxy module.
>>>>
>>>> Before we make any more guesses about the nature of your problem, I 
>>>> would like to learn from you whether the Cookie path mismatch is 
>>>> actually causing your issue.  Could you run the following test on 
>>>> your application:
>>>>
>>>> 1) Clear your browser cache and cookie store
>>>> 2) Connect to your application through the Apache proxy and log in
>>>> 3) Go back to your cookie store, see if anything emerged and send us 
>>>> the
>>>>    contents of any JSESSIONID cookies. Feel free to obfuscate as you 
>>>> see
>>>>    fit, as long as we have enough information to work with (domain 
>>>> and path
>>>>    are of paramount interest, as well as the complete URL you used to
>>>>    access your application in step 2.
>>>>
>>>> Thanks,
>>>>
>>>> S.
>>>>
>>>> --sctemme@apache.org            http://www.temme.net/sander/
>>>> PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server 
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>>
>> --sctemme@apache.org            http://www.temme.net/sander/
>> PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
>>
>>
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Apache-%2B-Tomcat-%3D-no-session-management-tf3064563.html#a8872328
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org