2

I store session parameters in a Struts2 session map that I get in my actions using the SessionAware interface. My Application is in the /MyApp path.

After setting up the struts2 application on an Apache server with an inverse proxy redirect that makes the URL http://www.appdomain.com/ point to my local tomcat on localhost:8080/MyApp, Struts2 session handling doesn't work anymore. I expect that the session cookies are stored for the Struts2 context of http://localhost:8080/MyApp instead of http://www.appdomain.com/ ...

Is there a solution in Struts2 configuration? Or in programmatically changing the session cookie somehow? Couldn't find any info about this on the interwebs or in the official documentation. Please help, I'm already in production and my logins don't work ;-)

Akku
  • 4,373
  • 4
  • 48
  • 67
  • Have you tried URL re-writing to get the session ID into the URL? – Pat Aug 02 '10 at 19:17
  • Not really, but thats not really what I want to do (pretty URLs as good as possible). In between I found out that the session cookie set by Struts2 is only valid for http://www.appdomain.com/MyApp ... I need a way of changing the struts2 behaviour of setting this namespace. – Akku Aug 03 '10 at 06:29
  • Okay, I already tried setting the JSESSIONID cookie for the user to the sessionId, but found out that still the servlet won't let me do this. Now I'm trying to set it via JavaScript, but I don't seem to get that to work either :-/ – Akku Aug 03 '10 at 10:58

3 Answers3

2

This is old but I found it and would like to drop my 5 cents.

One fix that you can use is to edit the web.xml and in the session-config set something like:

<session-config>
    <session-timeout>10</session-timeout>
    <cookie-config>
        <name>MYAPPSESSIONID</name>
        <path>/</path>
    </cookie-config>
</session-config>

This changes

  • The sessionid cookie from JSESSIONID to MYAPPSESSIONID so it will not collide with other apps that may be exposed on the same proxy
  • The path that the cookie applies. So it will always be sent to the server

Hope this may help others.

gfelisberto
  • 1,655
  • 11
  • 18
1

I just solved the problem with a dirty hack: I passed the Session Id to the JSP and use a javascript to set the needed JSESSIONID cookie clientside.

function createCookie(name,value,days) { if (days) { var date = new Date(); date.setTime(date.getTime()+(days*24*60*60*1000)); var expires = "; expires="+date.toGMTString(); } else var expires = ""; document.cookie = name+"="+value+expires+"; path=/"; }

$(document).ready(function() { createCookie("JSESSIONID","",3); });

Got the JS code from this page: http://www.quirksmode.org/js/cookies.html

Thank you, problem solved!

Best Regards, Tim

Akku
  • 4,373
  • 4
  • 48
  • 67
  • I accepted my answer as no other answers seem to come in. Anyways, I would be happy to hear a better solution still. – Akku Apr 13 '11 at 06:59
0

Put this in your httpd.conf

#all cookies from /MyApp are proxied to "/"
ProxyPassReverseCookiePath /MyApp /

http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreversecookiepath

Leif Gruenwoldt
  • 13,561
  • 5
  • 60
  • 64