Scenario:
OP: Windows 7 Home Premium (64 bit)
Test Env: XAMPP Version 5.6.8
Apache(80) is the front-end server. (Version 2.4)
Tomcat(8080=http) (8009=ajp) is the back-end server containing Java code and Html/Css/JS for this particular application. (Version 8.0.22)
Connection: ProxyPassReverse defined in httpd-ajp.conf
The problem:
When requesting data via Browser->Apache(80)->Tomcat(8009) the session disappears between Apache(80) and Tomcat(8009).
Apache does not use the original sessionId in subsequent requests. That means Tomcat(8009) creates a new httpSession instance with every
subsequent request. In other words, the sessionId is not maintained between these two servers.
The process:
Apache requests from Tomcat(8009) the Initial_Page.html, Tomcat serves the page. All good.
The Inital_Page.html contains an AJAX function requesting Java-Servlet data from Tomcat(8009). Tomcat serves that data. All good.
With this first AJAX request, Tomcat has created an internal (Java-Servlet) httpSession instance containing some reference data.
Browser displays html and AJAX-reply data correctly. All good.
Browser requests second AJAX data using parameters received by the first request.
The second request arrives at Tomcat(8009), tries to read some data from (Java-Servlet) httpSession instance.
The httpSession is not there and Tomcat throws an exception. To be precise, Java creates a new httpSession instance. Request fails.
Bypassing Apache(80) and requesting data direct from Tomcat(8080) works ok.
Tomcat serves the page. All good.
Browser requests second AJAX data using parameters received by the first request.
The second AJAX request arrives at Tomcat(8080), reads some data from (Java-Servlet) httpSession instance, processes the request,
creates the reply and sends it.
Tomcat serves the reply to the browser, and the browser processes that reply. All good.
What I have done so far:
In httpd.conf the following lines have been enabled or added:
#-----------------------------------------------------------------
# 15.09.2015 enable session, just 4
#-----------------------------------------------------------------
LoadModule session_module modules/mod_session.so
LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule session_crypto_module modules/mod_session_crypto.so
LoadModule session_dbd_module modules/mod_session_dbd.so
at the end of the file I added:
# -------------------------------------------------------------------------
# 15.09.2015 include session
# -------------------------------------------------------------------------
<IfModule session_module>
Session On
</IfModule>
In httpd-ajp.conf the following lines have been enabled:
# -------------------------------------------------------------------------
# 15.09.2015 ProxyPassReverse
# -------------------------------------------------------------------------
Tomcat server.xml:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" proxyName="localhost" proxyPort="80" secure="true" />
Previous environment:
The whole application set-up worked very well with an older version of Apache and Tomcat.
There was no problem in the old set-up.
My old dev environment was Apache 2.2, Tomcat 6.x and JDK 1.7.
The old machine became infected and I had to build the lot from scratch using the newest version of everything.
I know I'm missing something here, but what?
Could someone experienced in Apache internals help me out, please?
Kind regards,
Alex
