On Fri, Mar 27, 2009 at 1:37 PM, Krist van Besien <krist.vanbesien@xxxxxxxxx> wrote: > On Fri, Mar 27, 2009 at 9:19 AM, Mike Lyon <mike.lyon@xxxxxxxxx> wrote: > >> So the problem I am having is that I can reach the site from the outside via >> the NAT'd IP of the proxy server but when I try to login to the app, it will >> come up and say, "your session has timed out. Please try again." So I went >> to the proxy server locally and brought up firefox and went to the internal >> HTTP webserver directly and I was able to log in just fine. > > Looks like some session information is being lost. I just realis it might be a cookie problem. Often a webapplication will give a cookie back to the browser upon succesfull login. However, when the browser doesn't present this cookie with all following requests the webapplication will think the requests come from a browser not (or no longer) authenticated. On reason why this sometimes happens is that the cookiedomain is set to the hostname of the application server. So waht happens is this: Browser sends request to www.website.com, which forwards the request to interalappserver. User gets a login page, and logs in. The response contains a cookie with cookiedomain "interalappserver". The next request the browser sends will not contain the cookie, as the browser ill only send cookies with cookiedomain "website.com". Result: the appserver things the session is invalid or has expired. Solution. a) have your app server generate cookies with the correct domain. Generally it is often a good idea to configure an appserver sitting behind a proxy as if it was on the proxy itself. Ie set its base url, cookiedomain etc to values you would set it if there was no proxy. b) Look at translating the cookies on the proxy server. Look at: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypassreversecookiedomain Krist -- krist.vanbesien@xxxxxxxxx krist@xxxxxxxxxxxxx Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx