2

I have an application based on eXist-db. It's basically a Java web application that uses Jetty. It runs on the remote Linux server behind Apache proxy.

I use the following Apache configuration:

ServerName  domain.com
ProxyRequests       off
ProxyPass       /myapp   http://localhost:8899/exist/apps/myapp
ProxyPassReverse       /myapp   http://localhost:8899/exist/apps/myapp

Everything works fine except the sessions. On each request the session is renewed. It means the request Cookie header does not contain JSESSIONID but the response Set-Cookie header is something like JSESSIONID=oryq5odyt3f79xxax25n7x0h;Path=/exist. Also I check the session id in the application that confirms the session is new every time.

I've tried three testing scenarios:

Testing scenario A:

  • Client: Windows 7, Google Chrome
  • Server: Ubuntu 12.04.4 LTS (GNU/Linux 3.11.0-26-generic x86_64), proxy Apache/2.4.9

Testing scenario B:

  • Client: Windows 7, Google Chrome
  • Server: CentOS release 6.6 (Final), proxy Apache/2.2.15

Testing scenario C (local):

  • Client: Windows 7, Google Chrome
  • Server (the same laptop): Windows 7, no proxy

The issue appears in both scenarios A and B but not in C.

Any ideas how to make sessions work?

lagivan
  • 149
  • 1
  • 7
  • Have you tried any research at all? https://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy – dawud May 04 '15 at 21:30
  • @dawud don't doubt I did research and read that Howto before asking here several times. Nothing related to sessions although I might have missed something. I'm not using mod_proxy_balancer so it cannot be related to `stickysession`. I also tried to rename JSESSIONID in Jetty configuration to see if it might be conflicting with something - no change. I've asked here because all my ideas did not work and I'm waiting on the mailing list for eXist-db. But it's clearly not eXist-db related stuff, so I've asked here. – lagivan May 04 '15 at 21:44
  • 1
    The problem is probably related to the context path, and jetty is probably setting a path on the cookie of `/exist/apps/myapp`, while the browser sees a path of `/myapp`. Check how to set the cookie path for sessions in jetty. Alternately, just make the context path the same. – Federico Sierra May 04 '15 at 21:45
  • you **are** using mod_proxy and you **are not** configuring sticky session, is there more than just one backend? – dawud May 04 '15 at 21:48
  • @dawud, from what I've understood from that Howto, it requires specific configuration only when using load balancing. I have not found any specific configuration required for my basic case. So if you know something beyond that link above, please suggest. Also why downvote? I've tried quite a lot of different scenarios and investigated both the server side configuration and the client cookies in order to pinpoint the issue. – lagivan May 04 '15 at 22:00
  • @FedericoSierra, your suggestion appeared to be correct and helped to resolve the issue using ProxyPassReverseCookiePath directive. – lagivan May 05 '15 at 08:25

1 Answers1

2

The following Apache configuration resolves the issue:

ServerName  domain.com
ProxyRequests       off
ProxyPass       /myapp   http://localhost:8899/exist/apps/myapp
ProxyPassReverse       /myapp   http://localhost:8899/exist/apps/myapp
ProxyPassReverseCookiePath /exist /

It changes the path from /exist to / in cookies so the session is properly mapped to the path.

In certain cases the following directive may be required to change the domain in cookies too (but it was not needed in my case):

ProxyPassReverseCookieDomain localhost domain.com

I've found even more details on stackoverflow.

Community
  • 1
lagivan
  • 149
  • 1
  • 7