Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
875 views
in Technique[技术] by (71.8m points)

tomcat - How to properly set JSESSIONID cookie path behind reverse proxy

My web app is running in Tomcat at http://localhost:8080/example.com/ but it is being reverse proxied from Apache that is serving up http://example.com/ on port 80. My web app looks at the request.getHeader("x-forwarded-host") header to know that it is behind a reverse proxy. When it detects this (dynamically) it builds URLs without the servlet path on them.

This works fine for everything except for the JSESSIONID cookie. It gets set with a path of /example.com instead of / when it is accessed through the reverse proxy. I can't figure out how I can have my code tell Tomcat to override the path for that cookie when there is a x-forwarded-host header on the request.

I've tried setting the JSESSIONID cookie from the web app myself, but that just results in two Set-Cookie headers, only one of which is correct.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Tomcat6 uses the Servlet 2.3 spec. It does not support changing the cookie path either through code or Tomcat configuration.

I got it to work from the Apache side with some mod_proxy directives. The ProxyPassReverseCookiePath directive does exactly what I want. It takes the cookie from Tomcat with the incorrect path and rewrites it to the correct path.

<VirtualHost *:*>
    Servername example.com
    ProxyRequests Off
    ProxyPass / http://localhost:8080/example.com/
    ProxyPassReverseCookiePath /example.com /
    ProxyPassReverseCookieDomain localhost example.com
</VirtualHost>

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...