RE: mainting session cookies with a reverse proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I used the tools and there is no path or domain in the original cookie that
ican see.
I know it is encrypted under MD5 so maybe icant access the cookie and change
it.

Is there a way to hold a cookie with in the prroxy server itself?

Axel-Stephane  SMORGRAV-2 wrote:
> 
> Since your ProxyPass directive does not modify the URL path, you will only
> need ProxyPassReverseCookieDomain.
> 
> Rather than working in the dark, the best approach is to use a tool such
> as Firefox LiveHTTPheaders, or HTTPWatch (MSIE) to observe the cookies
> that are returned by the application server and see what cookie domain
> they contain. If that domain is obviously such that the browser will not
> submit it to the RP, then you definitely need a
> ProxyPassReverseCookieDomain.
> 
> If you use FF but do not have LiveHTPHeaders and do not wish to install
> it, clear all the cookies in your browser (Tools>Options>Privacy>Show
> Cookies>RemoveAllCookies), connect to your application through the RP, and
> then see what cookies have appeared in the "Show Cookies" window. In the
> bottom pane you will see all cookie details, including the path and
> domain. Use that information to determine the right argument to
> ProxyPassReverseCookieDomain.
> 
> 
> -ascs
> 
> -----Message d'origine-----
> De : dertown [mailto:derek.townsend@xxxxxxxxxxxxxx] 
> Envoyé : jeudi 15 novembre 2007 20:03
> À : users@xxxxxxxxxxxxxxxx
> Objet : Re:  mainting session cookies with a reverse proxy
> 
> 
> 
> I am running a reverse proxy to a back end web app with its own sign that
> uses session cookies.
> here is an what i have configured for the proxy
> the web app is an ajax app.
> <virtual host *:443>
> ProxyRequests Off
> ProxySSLEngine On
> 
> ProxyPass / https://appserver.domain.com
> ProxyPassReverse / https://appserver.domain.com
> 
> ProxyPassReverseCookieDomain appserver.domain.com proxy.domain.com
> ProxyPassReverseCookiePath proxy.domain.com /
> 
> </virtualhost>
> that is the example it is withn a 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/mainting-session-cookies-with-a-reverse-proxy-tf4814291.html#a13802763
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux