You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modproxy-dev@apache.org by Graham Leggett <mi...@sharp.fm> on 2002/07/19 07:56:58 UTC

Re: Malformed http header

Michael Mangeng wrote:

> Cookie: JSESSIONID=F291F12ABC86D02A8DE252ED67969218
> which, as you surly all know, maps the user to his session..
>  
> but if i request the pages throught apache with mod_proxy this cookie 
> line is simply MISSING in the http header which reaches tomcat.

There are known problems with proxy and setting cookies in older 
versions of proxy. If you are using proxy, either use v1.3.22 (the 
original old HTTP/1.0 code) or v1.3.26 (the new HTTP/1.1 code with a 
number of bugs fixed).

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm 
	"There's a moon
					over Bourbon Street
						tonight..."

Re: Malformed http header

Posted by Graham Leggett <mi...@sharp.fm>.

Michael Mangeng wrote:

> I forgot to mention that the httpd version is 1.3.26.
> Looks like this bug is still present.

This could be something else - the previous bug involved two or more 
cookies being reduced to one cookie (each one overwrote the previous 
one). I understand you are getting one cookie reduced to no cookies...

Can you use something like tcpflow to see what the tomcat receives, as 
opposed to what apache receives? Then we can see what it is doing.

Cookies are something that need to be treated carefully. One way of the 
most common ways that cookies break is to have a different URL structure 
on the backend and the frontend. The cookie's scope is not changed when 
it passes through Apache, and it's quite possible your browser is not 
returning the cookie because it believes the cookie is not within scope.

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm 
	"There's a moon
					over Bourbon Street
						tonight..."

Re: Malformed http header

Posted by Michael Mangeng <mi...@ideefix.net>.

hi!

I forgot to mention that the httpd version is 1.3.26.
Looks like this bug is still present.

I will try to solve my problem with mod_jk.

thanx for your help, greetings
Michael


----- Original Message ----- 
From: "Graham Leggett" <mi...@sharp.fm>
To: <mo...@apache.org>
Sent: Friday, July 19, 2002 7:56 AM
Subject: Re: Malformed http header


> Michael Mangeng wrote:
> 
> > Cookie: JSESSIONID=F291F12ABC86D02A8DE252ED67969218
> > which, as you surly all know, maps the user to his session..
> >  
> > but if i request the pages throught apache with mod_proxy this cookie 
> > line is simply MISSING in the http header which reaches tomcat.
> 
> There are known problems with proxy and setting cookies in older 
> versions of proxy. If you are using proxy, either use v1.3.22 (the 
> original old HTTP/1.0 code) or v1.3.26 (the new HTTP/1.1 code with a 
> number of bugs fixed).
> 
> Regards,
> Graham
> -- 
> -----------------------------------------
> minfrin@sharp.fm 
> "There's a moon
> over Bourbon Street
> tonight..."
> 
>

Re: Malformed http header

Posted by Graham Leggett <mi...@sharp.fm>.

Maurizio Marini wrote:

> Previous mod_proxy release doesn't carry all headers_out across redirect;
> I have patched proxy_http.c in apache 1.3.23

Is this fix applied to the code yet?

> In proxy_http.c u find:
> 
>  /* handle the ProxyPassReverse mappings */
>     if ((urlstr = ap_table_get(resp_hdrs, "Location")) != NULL)
>       ap_table_set(resp_hdrs, "Location", proxy_location_reverse_map(r, urlstr));
>     if ((urlstr = ap_table_get(resp_hdrs, "URI")) != NULL)
>       ap_table_set(resp_hdrs, "URI", proxy_location_reverse_map(r, urlstr));
>     if ((urlstr = ap_table_get(resp_hdrs, "Content-Location")) != NULL)
>       ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_map(r , urlstr));
> 
> resp_hdrs doesn't containd Set-Cookie :(
> They have Location, URI & Content-Location

The purpose of the above lines is to rewrite the above three lines as 
specified in the ProxyPassReverse directive. Cookies are passed as-is. 
As you can see, the headers are lifted from resp_hdrs and returned to 
resp_hdrs. Other headers (like cookies) remain unaltered, so there is no 
problem there.

> then resp_hdrs is copied onto r->headers_out:
> proxy_http.c apache 1.3.23:
>     /* Setup the headers for our client from upstreams response-headers */
>     ap_overlap_tables(r->headers_out, resp_hdrs, AP_OVERLAP_TABLES_SET);

> After this, cookies are missed.

This is because of AP_OVERLAP_TABLES_SET. As each cookie is copied 
across, it obliterates and previous "cookie" headers, thus you only end 
up with the last cookie. This problem is fixed in v1.3.26.

> My patch save cookie before ap_overlap_tables, and then add them to r->headers_out

This only fixes the problem for cookies, where the problem exists for 
headers in general.

> in proxy_http.c apache 1.3.26 u find:
>     /* Setup the headers for our client from upstreams response-headers */
>     ap_proxy_table_replace(r->headers_out, resp_hdrs);
> 
> If Graham is right (as I hope) using ap_proxy_table_replace instead of ap_overlap_tables
> does fix the cookies problem (is it a bug? i dunno..)

The replace function was created to "replace an existing header if it 
exists, but make sure that multiple headers are not obliterated during 
the copy", thus fixing the problem.

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm 
	"There's a moon
					over Bourbon Street
						tonight..."

Re: Malformed http header

Posted by Maurizio Marini <ma...@datalogica.com>.

On Friday 19 July 2002 07:56 am, Graham Leggett wrote:

> There are known problems with proxy and setting cookies in older
> versions of proxy. If you are using proxy, either use v1.3.22 (the
> original old HTTP/1.0 code) or v1.3.26 (the new HTTP/1.1 code with a
> number of bugs fixed).

Previous mod_proxy release doesn't carry all headers_out across redirect;
I have patched proxy_http.c in apache 1.3.23

In proxy_http.c u find:

 /* handle the ProxyPassReverse mappings */
    if ((urlstr = ap_table_get(resp_hdrs, "Location")) != NULL)
      ap_table_set(resp_hdrs, "Location", proxy_location_reverse_map(r, urlstr));
    if ((urlstr = ap_table_get(resp_hdrs, "URI")) != NULL)
      ap_table_set(resp_hdrs, "URI", proxy_location_reverse_map(r, urlstr));
    if ((urlstr = ap_table_get(resp_hdrs, "Content-Location")) != NULL)
      ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_map(r , urlstr));

resp_hdrs doesn't containd Set-Cookie :(
They have Location, URI & Content-Location


then resp_hdrs is copied onto r->headers_out:
proxy_http.c apache 1.3.23:
    /* Setup the headers for our client from upstreams response-headers */
    ap_overlap_tables(r->headers_out, resp_hdrs, AP_OVERLAP_TABLES_SET);
After this, cookies are missed.
My patch save cookie before ap_overlap_tables, and then add them to r->headers_out



in proxy_http.c apache 1.3.26 u find:
    /* Setup the headers for our client from upstreams response-headers */
    ap_proxy_table_replace(r->headers_out, resp_hdrs);

If Graham is right (as I hope) using ap_proxy_table_replace instead of ap_overlap_tables
does fix the cookies problem (is it a bug? i dunno..)

I'm missing something? 

-- 
Maurizio Marini