Re: apache does not preserve user session of tomcat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Krist,

Tomcat sends session ids in cookies to the user. The developers haven’t set any domain values. They are just using tomcat as is. 

Everything works as expected when using the webapp directly on the tomcat server.

Before editing httpd.conf, on the tomcat side: how to set the correct cookiedomain in the webapp?

Thanks.



--- On Mon, 21/4/08, Krist van Besien <krist.vanbesien@xxxxxxxxx> wrote:

> From: Krist van Besien <krist.vanbesien@xxxxxxxxx>
> Subject: Re:  apache does not preserve user session of tomcat
> To: users@xxxxxxxxxxxxxxxx, melanie_pfefer@xxxxxxxxxxx
> Date: Monday, 21 April, 2008, 2:32 PM
> On Mon, Apr 21, 2008 at 8:57 AM, Melanie Pfefer
> <melanie_pfefer@xxxxxxxxxxx> wrote:
> > hi again,
> >
> >  I am using apache as a reverse proxy to a tomcat
> server running ssl. In httpd.conf:
> >
> >  SSLProxyEngine On
> >  SSLProxyCACertificatePath /usr/local/apache2/conf/ssl
> >  RewriteRule ^/(abc.*) https://backend:8443/$1 [P,L]
> >
> >  and url proxying is working.
> >  however I noticed that the tomcat user session is not
> preserved. How to preserve the user session?
> 
> That depends. What does tomcat use to preserve the user
> session? Does
> everything work as expected when using the  webapp directly
> on the
> tomcat server?
> 
> What it might be is that your webapp sends a cookie, but
> not with the
> right cookiedomain set. In this case the client's
> browser will not
> sent the cookie back, and your webapp won't know who
> the request comes
> from.
> 
> Possible solutions:
> - Ask the developers to set the correct cookiedomain in the
> webapp.
> - You may need to set the ProxyPassReverseCookieDomain and
> ProxyPassReverseCookiePath directives. See:
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypassreversecookiedomain
> 
> Krist
> 
> 
> -- 
> krist.vanbesien@xxxxxxxxx
> krist@xxxxxxxxxxxxx
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email
> discussions?
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest:
> users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail:
> users-help@xxxxxxxxxxxxxxxx


      __________________________________________________________
Sent from Yahoo! Mail.
A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux