0

I have an application which runs on tomcat behind apache 2.4.6 configured with mod_session_dbd. I need the session info that gets persisted in the database. I see that apache saves the session info as a cookie in the browser as well. But, when I fire a http request, request.getSession().getId() returns a different session id . Its returning the jsessionid created by the tomcat. I need the cookie 'session' at the server end to do some computation. request.getCookies() isn't helping either.
Any pointers?
How do I get the session id which gets persisted by apache in my requests?

Screenshot

Karthick R
  • 599
  • 9
  • 25
  • It's in a cookie. Hard to believe that request.getCookies() doesn't help. – user207421 Sep 05 '13 at 10:56
  • Cookies have the jsession id generated by tomcat.. But the value in the cookie name 'session' is the one which gets persisted in db.. – Karthick R Sep 05 '13 at 13:36
  • Your screenshot shows four cookies of which `JSESSIONID` is the first. Does `request.getCookies()` return all four of those cookies? Did you, by any chance, just grab the first element of the array and use that and forget about the other three cookies? – Ladadadada Sep 05 '13 at 16:56
  • @Ladadadada : The cookie returns only the JSESSIONID. – Karthick R Sep 06 '13 at 06:36

1 Answers1

0

From Apache's documentation:

In a reverse proxy situation where the Apache server acts as a server frontend for a backend origin server, revealing the contents of the session ID cookie to the backend could be a potential privacy violation. When set to on, the session ID cookie will be removed from the incoming HTTP headers.

So, I'd to turn it off to get the session id as a part of the cookie.

SessionDBDCookieRemove Off
Karthick R
  • 599
  • 9
  • 25