You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jim Roycroft <ji...@codesilver.ca> on 2007/02/08 20:25:03 UTC
Re: [users@httpd] Apache + Tomcat = no session management
There may be another alternative here if you are running Tomcat 5.5:
Set the proxyName, proxyPort, and emptySessionPath within your connector in
Tomcat's server.xml file.
In this case, I would set proxyName="iobis.marine.rutgers.edu",
proxyPort="80", and emptySessionpath="true".
This should result in Tomcat setting a cookie (which will get sent through
the proxy) with the external hostname, the external port, and a "/" where
"/OBISDEV" used to be.
This means you don't have to use the ProxyPassReverseCookieDomain and
ProxyPassReverseCookiePath directives from Apache 2.2 (even if you had that
option).
I hope I haven't missed anything here (I am assuming you are only running
one Tomcat server behind the proxy).
Have a look at the "Proxy Support HOWTO" and the Server Config Reference in
the Tomcat docs for more info.
Jim
Wm.A.Stafford wrote:
>
> Sander,
>
> Thanks a million for all your help!
>
> -=bill
>
> Sander Temme wrote:
>>
>> On Jan 25, 2007, at 1:20 PM, Wm.A.Stafford wrote:
>>
>>> Sander,
>>>
>>> Here is a cookie copied from Firefox cookie viewer when
>>> the Apache+Tomcat machine was accessed from another machine.
>>>
>>> Name: JSESSIONID
>>> Content: 10FA6EB4F5B24CBA716A7F5DAD1F4B3F
>>> Host: iobis.marine.rutgers.edu
>>> Path: /OBISDEV
>> ^^^^^^^^
>>> Send For: Any type of connecion
>>> Expires: at end of session
>>>
>>> The URL to access the Apache+Tomcat application is:
>>> http://iobis.marine.rutgers.edu/OBISBETA/OBIS.jsp
>> ^^^^^^^^^
>>>
>>> Just a reminder of the mapping from httpd.conf
>>> ProxyPass /OBISBETA http://localhost:8082/OBISDEV
>>> ProxyPassReverse /OBISBETA localhost:8082/OBISDEV
>> ^^^^^^^^^ ^^^^^^^^
>>
>> As you can see, the Path: in the cookie does not match the URL path,
>> so the session cookie will not get sent back to the server.
>>
>> Since the mod_proxy of Apache 1.3 doesn't support rewriting Cookie
>> paths, your only option is to change the ProxyPass local path to match
>> the back-end (and connect to that), or have Tomcat match its mount
>> path to what the front-end thinks it is.
>>
>> That's really all I can think of right now.
>>
>> S.
>>
>>
>>>
>>> Thanks,
>>> -=bill
>>>
>>>
>>> Sander Temme wrote:
>>>>
>>>> On Jan 24, 2007, at 11:00 AM, Wm.A.Stafford wrote:
>>>>
>>>>> A bit more info has emerged, the admin believes the Apache
>>>>> version is 1.3.20.
>>>>
>>>> Running httpd -v will take away any shred of doubt.
>>>>
>>>>>> I'll see if there is any interest in moving to the latest
>>>>>> Apache but at this point I think that is probably not an option
>>>>>> because there are a lot of other users of this system and they
>>>>>> would all have to buy in. So I will need to proceed with
>>>>>> configuration of the existing version.
>>>>
>>>> Apache has made great strides since 1.3.20. For starters, any 1.3
>>>> version after that contains security fixes that you might want. As
>>>> no other changes are made to that branch, an upgrade should not
>>>> cause you any problems.
>>>>
>>>> The proxy module that came with Apache 1.3 did not have the
>>>> ProxyReverseCookiePath directive that I talked about earlier. See
>>>>
>>>> http://httpd.apache.org/docs/1.3/mod/mod_proxy.html
>>>>
>>>> for documentation on the 1.3 mod_proxy module.
>>>>
>>>> Before we make any more guesses about the nature of your problem, I
>>>> would like to learn from you whether the Cookie path mismatch is
>>>> actually causing your issue. Could you run the following test on
>>>> your application:
>>>>
>>>> 1) Clear your browser cache and cookie store
>>>> 2) Connect to your application through the Apache proxy and log in
>>>> 3) Go back to your cookie store, see if anything emerged and send us
>>>> the
>>>> contents of any JSESSIONID cookies. Feel free to obfuscate as you
>>>> see
>>>> fit, as long as we have enough information to work with (domain
>>>> and path
>>>> are of paramount interest, as well as the complete URL you used to
>>>> access your application in step 2.
>>>>
>>>> Thanks,
>>>>
>>>> S.
>>>>
>>>> --sctemme@apache.org http://www.temme.net/sander/
>>>> PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>>
>> --sctemme@apache.org http://www.temme.net/sander/
>> PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
>>
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Apache-%2B-Tomcat-%3D-no-session-management-tf3064563.html#a8872328
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org