Re: HTTPS to HTTP proxy server that talks to a Jboss server running Tomcat...

On Fri, Mar 27, 2009 at 1:37 PM, Krist van Besien
<krist.vanbesien@xxxxxxxxx> wrote:
> On Fri, Mar 27, 2009 at 9:19 AM, Mike Lyon <mike.lyon@xxxxxxxxx> wrote:
>
>> So the problem I am having is that I can reach the site from the outside via
>> the NAT'd IP of the proxy server but when I try to login to the app, it will
>> come up and say, "your session has timed out. Please try again." So I went
>> to the proxy server locally and brought up firefox and went to the internal
>> HTTP webserver directly and I was able to log in just fine.
>
> Looks like some session information is being lost.

I just realised it might be a cookie problem. Often a web application
will give a cookie back to the browser upon successful login. However,
when the browser doesn't present this cookie with all following
requests the web application will think the requests come from a
browser not (or no longer) authenticated.
One reason why this sometimes happens is that the cookiedomain is set
to the hostname of the application server.

So what happens is this:
Browser sends request to www.website.com, which forwards the request
to interalappserver.
User gets a login page, and logs in. The response contains a cookie
with cookiedomain "interalappserver".
The next request the browser sends will not contain the cookie, as the
browser will only send cookies with cookiedomain "website.com". Result:
the appserver thinks the session is invalid or has expired.

Solution.
a) have your app server generate cookies with the correct domain.
Generally it is often a good idea to configure an appserver sitting
behind a proxy as if it was on the proxy itself. I.e. set its base url,
cookiedomain etc to values you would set it if there was no proxy.
b) Look at translating the cookies on the proxy server. Look at:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypassreversecookiedomain

Krist

-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
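
Added example (not part of the original message and not Apache httpd code): a Python sketch of the cookie domain check described in the message, plus a Set-Cookie rewrite that models the effect of option (b). The hostnames are the ones used in the message; the JSESSIONID value and all function names are constructed for illustration, and public-suffix checks that real browsers also apply are not modelled.

```python
import ipaddress

# Constructed sample of the backend's response header (not from the thread).
BACKEND = "JSESSIONID=abc123; Domain=interalappserver; Path=/; HttpOnly"

def domain_match(request_host, cookie_domain):
    """RFC 6265 5.1.3: host equals the domain or is a subdomain of it."""
    host = request_host.lower().rstrip(".")
    dom = cookie_domain.lower().lstrip(".")
    if host == dom:
        return True
    try:
        ipaddress.ip_address(host)
        return False  # IP-literal hosts only ever match exactly
    except ValueError:
        return host.endswith("." + dom)

def parse_set_cookie(header):
    """Split a Set-Cookie value into ('name=value', [(attr, value), ...])."""
    parts = [p.strip() for p in header.split(";")]
    attrs = []
    for p in parts[1:]:
        if p:
            k, _, v = p.partition("=")
            attrs.append((k.strip(), v.strip()))
    return parts[0], attrs

def browser_accepts(request_host, header):
    """A user agent ignores a cookie whose Domain does not match the host."""
    _, attrs = parse_set_cookie(header)
    domains = [v for k, v in attrs if k.lower() == "domain" and v]
    return not domains or domain_match(request_host, domains[-1])

def rewrite_cookie_domain(header, internal, public):
    """Swap Domain=internal for Domain=public; other attributes untouched."""
    pair, attrs = parse_set_cookie(header)
    out = [pair]
    for k, v in attrs:
        if k.lower() == "domain" and v.lower().lstrip(".") == internal.lower():
            v = public
        out.append(f"{k}={v}" if v else k)
    return "; ".join(out)

if __name__ == "__main__":
    fixed = rewrite_cookie_domain(BACKEND, "interalappserver", "website.com")
    print("as sent by backend:", browser_accepts("www.website.com", BACKEND))
    print("after rewrite:     ", fixed, browser_accepts("www.website.com", fixed))
```

A Set-Cookie with no Domain attribute is host-only, so the browser returns it only to the exact host that set it, which is why the last check in `browser_accepts` passes such cookies.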

