Apache + Tomcat = no cookies and no session id

I'm answering my own question in case someone comes upon this discussion via a search for the same problem.

To reiterate: when an application that was developed using Tomcat was moved to an Apache + Tomcat system, session management quit working. The orginal session management used cookies but url rewriting also did not work.

The basic problem is that Apache is being used as a reverse proxy in this configuration. The application in question is proxied by the following Apache directive:

ProxyPass /alias http://localhost:8082/my_application

The version of Apache in question, 1.3, does not have the capability of re-writing the cookie header so incoming cookies that are associated with the 'alias' context are not associated with the my_application context when Tomcat gets the request from Apache.

The simple solution is to change the ProxyPass directive to eliminate the mapping. This solution worked in my case but may not be possible if it is necessary to map one or more aliases to a single application.

URL rewriting does not work in this situation because Apache does not recognize the ;JSESSIONID= for what it is. Apache considers this to be part of the context name and a 404 will result for any url with a session id in it.

Apparently this can be remedied with a rewrite rule:

<IfModule mod_rewrite.c>

RewriteEngineon

# Force URLs with a jsessionid to go to Tomcat. Necessary because

# Apache doesn't recognise that the semi-colon is special.

RewriteRule^(/.*;jsessionid=.*)$$1 [T=jserv-servlet]

</IfModule>

I have not tried the rewrite rule so you are on your own here.

Apache versions 2.2.x do have the capability to correctly re-write cookie headers via the ProxyPassReverseCookiePath directive.

beekya at 2007-7-8 22:12:36 >