0

I have a standard webapp deployed in a Tomcat instance. There are some pages in this webapp that are accessed from one domain via http and some others accessed from another domain via https. I am using proxy passes like this:

<VirtualHost *:80>
ServerName a.somewhere.com 
ProxyPass           /app    http://127.0.0.1:8080/app
ProxyPassReverse    /app    http://127.0.0.1:8080/app
</VirtualHost>

<VirtualHost *:443>
ServerName a-secure.somewhere.com
ProxyPass           /app    http://127.0.0.1:8080/app
ProxyPassReverse    /app    http://127.0.0.1:8080/app

    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile "..."
    SSLCertificateKeyFile "..."
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    BrowserMatch "MSIE [2-5]" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0
</VirtualHost>

The scenario is the following: every page in the webapp is accessed by:

http://a.somewhere.com/app/....

while there are some pages accessed by:

https://a-secure.somewhere.com/app/....

For example when a user is at

http://a.somewhere.com/app/unsecure.jsp

there is a link there to

https://a-secure.somewhere.com/app/secure.jsp

What can I do so as to maintain session information for a user when browsing in such a site?

Thank you in advance.

gpol
  • 966
  • 2
  • 19
  • 30
  • are these sessions stored in cookies? – Jon Lin Aug 08 '12 at 08:10
  • yes. standard jsessionid (which is stored using the full domain and not the subdomain). – gpol Aug 08 '12 at 08:25
  • Not sure if you've already tried this, but [ProxyPassReverseCookieDomain](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypassreversecookiedomain) might allow you to rewrite the domains to `*.somewhere.com` – Jon Lin Aug 08 '12 at 08:30

0 Answers0