What you need to do is use LiveHTTPHeaders in order to verify that the cookie is indeed delivered to your browser as a Set-Cookie response header. I guess this is done in the HTTP 302 in response to GET https://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fextranet.hendrickson-intl.com%3A80%2Fwcs%2Fj_security_check. If that login cookie is "secure" (that is a parameter of the cookie), your browser will not submit it in a request which is not sent over httpS. From what I have understood from your mails, you access your application with http (no S). That may explain why the cookies are not submitted. Another thing that might prevent the browser from submitting the cookie is a mismatch between the cookie domain and the host part of the URL. In order to be submitted, the cookie domain should be extranet.hendrickson-intl.com or hendrickson-intl.com. If that is not the case, the browser will not submit the cookie in requests. If you are uncertain about what is happening, please post the full LiveHTTPHeaders trace starting with the request for https://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fextranet.hendrickson-intl.com%3A80%2Fwcs%2Fj_security_check, through the first access to http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=xxx Another thing is that there is a little voice in my head telling me that this is not a cookie problem. I am trying to have him shut up, but the little fellow keeps bugging me. I noticed that the query string in the URL http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 contains a variable named "ticket". Would that by any chance be the sign-in ticket?? Then, if the j_security_check failed, I would expect a redirection to the login service, not to another j_security_check... -ascs -----Original Message----- From: Shahzad Bhatti [mailto:sbhatti@xxxxxxxxxxx] Sent: Thursday, August 11, 2005 6:46 PM To: users@xxxxxxxxxxxxxxxx Subject: RE: [users@httpd] mod_proxy/mod_proxy_html Axel, Thanks again, it worked and I was able to go further, however I ran into another problem. We are using single-sign-on that stores ticket in cookie, however it looks like this cookie is not being passed to the client. And it goes into loop, i.e., -- AFTER SUCCESSFUL LOGIN, THE USER IS DIRECTED TO THE APPLICATION (WHICH VERIFIES TICKET) http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 GET /wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 HTTP/1.1 Referer: http://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fwd-prtlsrv1%3A8080%2Fhendrickson%2Fj_security_check AND IT'S SENDING REDIRECT TO THE SAME URL HTTP/1.x 302 Moved Temporarily Location: http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 Is there any way to add cookie support and break this loop. Regards, Shahzad Bhatti Integrated Software Specialists http://www.issintl.com 1901 North Roselle Road, Suite 450 Schaumburg, IL 60195 Phone: 847-558-5342 Fax: 847-240-5073 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|