Altering cookie path for Session tracking through a ProxyPass

[Giles Constant <gi...@ftech.net>]

Hi there,

I'm *really* stuck :-)

I've got a website on a server : www.foo.com

For reasons I won't bore you with, I have JSP for this website on a
different server : jsp.bar.com:8080/mycontext

To make it look pretty, I've done this to www.foo.com :

ProxyPass /jsp http://jsp.bar.com:8080/mycontext

Thusly, "www.foo.com/jsp" will point to the JSPs.

Unfortunately, when session tracking sends a cookie, it's broken, because
"mycontext" is doing this :

Set-Cookie: JSESSIONID=To1021mC6475555985819488At;Path=/mycontext

Which obviously won't be sent back to www.foo.com/jsp!

Anyone got any ideas for this?  ideally something in the configuration
file which would fudge the context to think it's in /jsp rather than
"/mycontext", but failing that, something where I can alter the "Path" of
the session at runtime.  I've scoured the docs for this, but i'm about to
give up :-)

I suppose failing that I could set a cookie manually, but it's getting
ugly.  Or perhaps I could hack the session tracking source..

help? :-)

-- 
Giles Constant <gi...@ftech.net> -  Network Operations
Frontier Internet Services Limited   http://www.frontier-internet.ltd.uk/
Tel: +44 (0)20 7510 4700             Fax: +44 (0)20 7531 9930
All statements made are subject to Frontier's Terms and Conditions of
Business which are available upon request.

Re: Altering cookie path for Session tracking through a ProxyPass

["Craig R. McClanahan" <Cr...@eng.sun.com>]

Giles Constant wrote:

> On Thu, 24 Aug 2000, Craig R. McClanahan wrote:
>
> > But, I've got a question.  Is there a particular reason you cannot deploy
> > your webapp (within Tomcat) as "/jsp" instead of "/mycontext"?  That way, the
> > names would match and the session cookies would work just fine.
>
> Because it's actually a server with several customer's jsp sites on it
> (we're an ISP).  So the context paths would have to be based on their
> username.  We can't put www.foo.com/username as the jsp redirect either,
> because that is used for something else :-)
>
> However, you've given me an idea.  With a bit of dns/CNAMEing, I can
> point
>
> USERNAME.jsp.ftech.net -> jsp.ftech.net
>
> And thusly proxypass through to username.jsp.ftech.net:8080/jsp without
> problems.  Case solved (I can go home now).
>

That's great.  Get some sleep.  :-)

>
> (does jakarta support HTTP1.1 hosting?  I know jetty3 does, but I'd rather
> not change servers at this point :-))
>

Tomcat 3.x does not support HTTP/1.1 at the moment, although Tomcat 4.0 will when
it's released (it's being actively developed).

>
> Thanks for your help,
>
> Giles
>

Craig

Re: Altering cookie path for Session tracking through a ProxyPass

[Giles Constant <gi...@ftech.net>]

On Thu, 24 Aug 2000, Craig R. McClanahan wrote:

> But, I've got a question.  Is there a particular reason you cannot deploy
> your webapp (within Tomcat) as "/jsp" instead of "/mycontext"?  That way, the
> names would match and the session cookies would work just fine.

Because it's actually a server with several customer's jsp sites on it
(we're an ISP).  So the context paths would have to be based on their
username.  We can't put www.foo.com/username as the jsp redirect either,
because that is used for something else :-)

However, you've given me an idea.  With a bit of dns/CNAMEing, I can
point

USERNAME.jsp.ftech.net -> jsp.ftech.net

And thusly proxypass through to username.jsp.ftech.net:8080/jsp without
problems.  Case solved (I can go home now).

(does jakarta support HTTP1.1 hosting?  I know jetty3 does, but I'd rather
not change servers at this point :-))

Thanks for your help,

Giles

-- 
Giles Constant <gi...@ftech.net> -  Network Operations
Frontier Internet Services Limited   http://www.frontier-internet.ltd.uk/
Tel: +44 (0)20 7510 4700             Fax: +44 (0)20 7531 9930
All statements made are subject to Frontier's Terms and Conditions of
Business which are available upon request.

Re: Altering cookie path for Session tracking through a ProxyPass

["Craig R. McClanahan" <Cr...@eng.sun.com>]

You would have to patch the Tomcat source code to do anything like this.
Tomcat assumes that the context path under which a web app is deployed is the
context path under which users will access it.

But, I've got a question.  Is there a particular reason you cannot deploy
your webapp (within Tomcat) as "/jsp" instead of "/mycontext"?  That way, the
names would match and the session cookies would work just fine.

Craig McClanahan


Giles Constant wrote:

> Hi there,
>
> I'm *really* stuck :-)
>
> I've got a website on a server : www.foo.com
>
> For reasons I won't bore you with, I have JSP for this website on a
> different server : jsp.bar.com:8080/mycontext
>
> To make it look pretty, I've done this to www.foo.com :
>
> ProxyPass /jsp http://jsp.bar.com:8080/mycontext
>
> Thusly, "www.foo.com/jsp" will point to the JSPs.
>
> Unfortunately, when session tracking sends a cookie, it's broken, because
> "mycontext" is doing this :
>
> Set-Cookie: JSESSIONID=To1021mC6475555985819488At;Path=/mycontext
>
> Which obviously won't be sent back to www.foo.com/jsp!
>
> Anyone got any ideas for this?  ideally something in the configuration
> file which would fudge the context to think it's in /jsp rather than
> "/mycontext", but failing that, something where I can alter the "Path" of
> the session at runtime.  I've scoured the docs for this, but i'm about to
> give up :-)
>
> I suppose failing that I could set a cookie manually, but it's getting
> ugly.  Or perhaps I could hack the session tracking source..
>
> help? :-)
>
> --
> Giles Constant <gi...@ftech.net> -  Network Operations
> Frontier Internet Services Limited   http://www.frontier-internet.ltd.uk/
> Tel: +44 (0)20 7510 4700             Fax: +44 (0)20 7531 9930
> All statements made are subject to Frontier's Terms and Conditions of
> Business which are available upon request.