Re: Apache + Tomcat = no session management

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Jan 23, 2007, at 1:30 PM, Wm.A.Stafford wrote:
Thanks for replying to my query. I don't really know anything about Apache. How would I go about determining how Apache and Tomcat interact? I have the httpd.conf file for the Apache in question, can I tell from that? I have looked through the file and I do not see mod_jk being loaded so I think we can rule out that.
I see the lines below in httpd.conf does this mean communication is via HTTPProxy? (our app is OBISDEV) 
   ProxyPass /OBISBETA http://localhost:8082/OBISDEV
   ProxyPassReverse /OBISBETA localhost:8082/OBISDEV
Yes, that looks promising. So, when you connect to your application, you type in the browser something like: 

http://yourhostname/OBISBETA/somewebapppath
Any request that starts with /OBISBETA will be forwarded to the latter URL, with whatever came after /OBISBETA (/somewebappath in this case) tacked on.
If the web app decides to write a cookie to the browser, it may choose to include a path. Tomcat thinks it's running at /OBISDEV, which is different from the path seen by the browser.
When the browser sends the next request, it'll send any cookie along that it has cached for the hostname and path under consideration. Since the browser connects to a different path (/OBISBETA instead of / OBISDEV), your cookie wont't get sent which your Tomcat will see as an opportunity to create a brand new session all over again. If you open your browser's cookie cache, you should find the orphaned cookie that you received but didn't send back.
Which version of Apache are you using? As of Apache 2.2, we have a configuration directive 'ProxyPassReverseCookiePath' that can rewrite such a Cookie path on the proxy. If you are running Apache 2.2.x, have a look at
http://httpd.apache.org/docs/2.2/mod/ mod_proxy.html#proxypassreversecookiepath
(hint: put ProxyPassReverseCookiePath /OBISDEV /OBISBETA next to the ProxyPassReverse directive and restart your Apache)
I'm sorry to be so clueless but I have absolutely no experience with Apache.
That's OK, we're here to help. If you need any more info, perhaps you can paste us the contents of such an orphaned cookie... don't worry about the contents (a session ID is just random data as far as we are concerned), but the cookie name (probably JSESSIONID), domain and path would be good info. If you can't find it, clear your browser cache (on your test machine, don't want you to lose all your saved logins), access your app and then look what the cat dragged in. 

S.

--
sctemme@xxxxxxxxxx            http://www.temme.net/sander/
Open Source Software Consultant
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux