I had a customer today who had problems using Tomcat sessions after configuring his application to run through mod_proxy_ajp. Everything worked correctly when hitting the application correctly on port 8080, but any attempts to hit the site through Apache and mod_proxy_ajp would result in the sessions not being saved, and a new session being created on every request.
The problem is that Tomcat is sending a Set-Cookie header with the Path that it knows about – which is different than what the browser is requesting.
The application is at http://www.mydomain.com/, and mod_proxy_ajp is redirecting that to http://localhost:8009/myapp/.
Here is the HTTP Response Headers that Tomcat is sending
HTTP/1.1 200 OK Date: Sun, 28 Oct 2007 01:39:44 GMT Set-Cookie: JSESSIONID=TOMCAT_SESSION_ID_HERE; Path=/myapp Content-Type: text/html;charset=ISO-8859-1 Content-Length: 11234 Connection: close
You can see in the Set-Cookie header that it is setting a cookie path of /myapp. The browser receives this and will only send that cookie back on requests sent for requests beginning with /myapp. Fortunately Apache 2.2 includes the ProxyPassReverseCookiePath directive to rewrite the Set-Cookie headers on these requests. You can configure a virtual host like this:
<VirtualHost *:80> ServerName www.realdomain.com ProxyRequests Off ProxyPass / ajp://127.0.0.1:8009/myapp/ ProxyPassReverse / ajp://127.0.0.1:8009/myapp/ ProxyPassReverseCookiePath /myapp / </VirtualHost>
And now the HTTP Response headers look like this:
HTTP/1.1 200 OK Date: Sun, 28 Oct 2007 01:39:44 GMT Set-Cookie: JSESSIONID=TOMCAT_SESSION_ID_HERE; Path=/ Content-Type: text/html;charset=ISO-8859-1 Content-Length: 11234 Connection: close
The browser now sees that the cookie is for / and will send the JSESSIONID cookie for all requests to this server.