skip to Main Content

below is my httpd.conf configuration. I have tomcat server as backend server and I am using apache webserver as proxy to my tomcat server.

Below configuration is working fine for all the web pages where session is not required.

When investigated further, I had observed JSESSIONID is changing on every web request meaning, that ID is not getting persisted when request and response are going via Apache http server.

Please note that, when I tried to expose tomcat server directly to web JSESSIONID is persistent and is working as expected. However as security requirement, we need to use tomcat server as backend internal server only.

So I am not sure why apache http server is not liking to handle JSESSIONID properly. Request your help on the same and guide me what I am missing in my configuration.

Note: We don’t need any load balancer setup so I am not considering mod_proxy_balancer module at this moment.

<VirtualHost *:443>
ServerName www.external.com
ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
         AddOutputFilterByType SUBSTITUTE text/html
    ProxyPreserveHost off
    ProxyPass / http://localhost:8080/internal/
    ProxyPassReverse / http://localhost:8080/internal/    
    Substitute "s|http://localhost:8080/internal|https://www.external.com|i"                
    SSLProtocol all
    SSLEngine on     
    SSLCertificateFile C:/keys/site/external_cert.cer       
    SSLCertificateKeyFile C:/keys/site/www_internal_private.p12.pri.pem
    SSLCertificateChainFile C:/keys/site/Intermediate_CA.cer
</VirtualHost>

Apache web server is Apache 2.4 and tomcat engine is Tomcat 8.5

2

Answers


  1. Follow serverfault answer by adding Set-Cookie Header:

    In the end I just had to add the following line to my VirtualHost configuration, which changes all cookie paths from /WEBAPP_NAME to / (root):

    Header edit Set-Cookie "^(.*; Path=)/WEBAPP_NAME/?(.*)" $1/$2
    
    Login or Signup to reply.
  2. It is enough to set a hard path to cookies in web.xml:

      <session-config>
        <cookie-config>
          <path>/</path>
        </cookie-config>
      </session-config>
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search