RE: Problems with ProxyPassReverseCookieDomain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Obviously the original poster has an application that only returns the domain part in the cookie domain, hence the lack of rewriting despite ProxyPassReverseCookieDomain.

and no I do not make a habit of weeping over RFCs.


-ascs
____________________________________________
-----Message d'origine-----
De : solprovider@xxxxxxxxx [mailto:solprovider@xxxxxxxxx] De la part de solprovider@xxxxxxxxxx
Envoyé : lundi 15 octobre 2007 15:06
À : users@xxxxxxxxxxxxxxxx
Objet : Re:  Problems with ProxyPassReverseCookieDomain

Distinguishing between FQDN and Domain is barely relevant when discussing Cookies.  RFC2965 states, "Domain Defaults to the request-host."  Cookies default to using the FQDN as the Domain if the Domain is not specified.  Specified domains must start with a period, must be exactly one level below the server name, and are only returned to servers in the one level above the period.  Read Section 3.3.2 and weep.  The drafters deliberately made Cookies as limited as possible.
solprovider.com and www.solprovider.com cannot share Cookies even
though both addresses reach the same server.   Look at the Cookies in
your browser.  The server name will be part of the domain if no domain was specified (e. g. www.cnn.com and www.networksolutions.com).

I wonder if the leading period is missing from "example.com".
".example.com" (leading period) would be sent to www.example.com and www1.example.com.  "example.com" (no leading period) would only be sent to example.com.  Browsers should add the leading period if domain is specified.

solprovider

On 10/15/07, Axel-Stephane  SMORGRAV
<Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx> wrote:
> The behaviour observed by the original poster is correct: www.example.com is the host FQDN - not the domain. The cookie _domain_ is example.com.
>
> A cookie which domain is example.com will be submitted by the UA to both www1.example.com and www.example.com. The conclusion is that no rewriting of the cookie domain is required.
>
> However, the original poster states "it is named simply example.com" which makes me wonder if he/she confuses the cookie name with its domain. In order to clear that up, it would be nice to see a trace of the requests/responses between the UA and the reverse proxy.
>
>
> -ascs
>
> -----Message d'origine-----
> De : solprovider@xxxxxxxxx [mailto:solprovider@xxxxxxxxx] De la part 
> de solprovider@xxxxxxxxxx Envoyé : lundi 15 octobre 2007 10:11 À : 
> users@xxxxxxxxxxxxxxxx Objet :  RE: Problems with 
> ProxyPassReverseCookieDomain
>
> An "example.com" Cookie will be sent to www.example.com and www1.example.com.
>
> Questions for troubleshooting:
> Is www.example.com receiving the Cookie?  (Should be yes.) Is 
> www.example.com sending the Cookie when proxying to www1.example.com?  
> Is www1.example.com receiving the Cookie?  (Both should be yes, but 
> mod_proxy breaks in every other release.  This
> 2.2.1 changes state this issue was fixed.) Does the server software on 
> www1.example.com check the Domain field on incoming Cookies and ignore 
> Cookies from parent domains?  (Would mean overengineering. If the 
> Cookie arrives, use it.)
>
> When you write "parameters", do you mean HTTP Headers, QueryString 
> parameters, POST parameters, part of the URL, or something else?
>
> The parameters issue may require mod_rewrite.  Ttry this:
> RewriteEngine On
> RewriteRule ^/site/(.*)$ http://www1.example.com/$1 [P]
>
> solprovider
>
> ===
> From: Skiff Lad
> On: 20071002 14:59
> I seem to have a problem / misunderstanding regarding the use of the 
> ProxyPassReverseCookieDomain directive on 2.2.4 on Windows.
>
> I have www.example.com running 2.2.4. Within the httpd.conf file, I 
> have a number of redirect directive statements that send a user, based 
> on the URL, eg. www.example.com/site1 to www1.example.com etc. This 
> all works fine so that the user arrives on the www1 box and there is a 
> cookie correctly set with name www1.example.com
>
> It now transpires that I need to use ProxyPass to pass the parameters 
> coming in on the request to www.example.com onto www1.example.com - as 
> redirect doesn't send these initial parameters across.
>
> So, my httpd.conf file (on www.example.com) now looks like:
>
> ProxyPass /site1 http://www1.example.com ProxyPassReverse /site1 
> http://www1.example.com ProxyPassReverseCookieDomain www1.example.com 
> www.example.com
>
> But nothing seems to be happening. When I access 
> www.example.com/site1, there is a cookie correctly created (with the 
> right contents etc), however, it is named simply example.com, ie.
> there is no www. nor www1. prefixing - this breaks subsequent 
> processing on the www1.example.com box because there is no cookie 
> named accordingly.
>
> What am I doing wrong ? Do I need anything else ? Or am I being plain stupid ?
>
> Thanks
> Skiff

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux