Session lost in Jetty using Apache as proxy

apache-2.2 reverse-proxy apache-2.4 mod-proxy jetty

5,397

The following Apache configuration resolves the issue:

ServerName  domain.com
ProxyRequests       off
ProxyPass       /myapp   http://localhost:8899/exist/apps/myapp
ProxyPassReverse       /myapp   http://localhost:8899/exist/apps/myapp
ProxyPassReverseCookiePath /exist /

It changes the path from /exist to / in cookies so the session is properly mapped to the path.

In certain cases the following directive may be required to change the domain in cookies too (but it was not needed in my case):

ProxyPassReverseCookieDomain localhost domain.com

I've found even more details on stackoverflow.

5,397

lagivan

Updated on September 18, 2022

Comments

lagivan almost 2 years
I have an application based on eXist-db. It's basically a Java web application that uses Jetty. It runs on the remote Linux server behind Apache proxy.

I use the following Apache configuration:
```
ServerName  domain.com
ProxyRequests       off
ProxyPass       /myapp   http://localhost:8899/exist/apps/myapp
ProxyPassReverse       /myapp   http://localhost:8899/exist/apps/myapp
```
Everything works fine except the sessions. On each request the session is renewed. It means the request Cookie header does not contain JSESSIONID but the response Set-Cookie header is something like JSESSIONID=oryq5odyt3f79xxax25n7x0h;Path=/exist. Also I check the session id in the application that confirms the session is new every time.

I've tried three testing scenarios:

Testing scenario A:
- Client: Windows 7, Google Chrome
- Server: Ubuntu 12.04.4 LTS (GNU/Linux 3.11.0-26-generic x86_64), proxy Apache/2.4.9
Testing scenario B:
- Client: Windows 7, Google Chrome
- Server: CentOS release 6.6 (Final), proxy Apache/2.2.15
Testing scenario C (local):
- Client: Windows 7, Google Chrome
- Server (the same laptop): Windows 7, no proxy
The issue appears in both scenarios A and B but not in C.

Any ideas how to make sessions work?
- dawud about 9 years
  
  Have you tried any research at all? wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy
- lagivan about 9 years
  
  @dawud don't doubt I did research and read that Howto before asking here several times. Nothing related to sessions although I might have missed something. I'm not using mod_proxy_balancer so it cannot be related to stickysession. I also tried to rename JSESSIONID in Jetty configuration to see if it might be conflicting with something - no change. I've asked here because all my ideas did not work and I'm waiting on the mailing list for eXist-db. But it's clearly not eXist-db related stuff, so I've asked here.
- Federico Sierra about 9 years
  
  The problem is probably related to the context path, and jetty is probably setting a path on the cookie of /exist/apps/myapp, while the browser sees a path of /myapp. Check how to set the cookie path for sessions in jetty. Alternately, just make the context path the same.
- dawud about 9 years
  
  you are using mod_proxy and you are not configuring sticky session, is there more than just one backend?
- lagivan about 9 years
  
  @dawud, from what I've understood from that Howto, it requires specific configuration only when using load balancing. I have not found any specific configuration required for my basic case. So if you know something beyond that link above, please suggest. Also why downvote? I've tried quite a lot of different scenarios and investigated both the server side configuration and the client cookies in order to pinpoint the issue.
- lagivan about 9 years
  
  @FedericoSierra, your suggestion appeared to be correct and helped to resolve the issue using ProxyPassReverseCookiePath directive.