Use ProxyPassReverseCookieDomain with to maintain Tomcat sessions through mod_proxy_ajp

Posted on October 27th, 2007 in General,Linux System Administration by Brandon

I had a customer today who had problems using Tomcat sessions after configuring his application to run through mod_proxy_ajp. Everything worked correctly when hitting the application correctly on port 8080, but any attempts to hit the site through Apache and mod_proxy_ajp would result in the sessions not being saved, and a new session being created on every request.

The problem is that Tomcat is sending a Set-Cookie header with the Path that it knows about – which is different than what the browser is requesting.

The application is at http://www.mydomain.com/, and mod_proxy_ajp is redirecting that to http://localhost:8009/myapp/.

Here is the HTTP Response Headers that Tomcat is sending

HTTP/1.1 200 OK
Date: Sun, 28 Oct 2007 01:39:44 GMT
Set-Cookie: JSESSIONID=TOMCAT_SESSION_ID_HERE; Path=/myapp
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 11234
Connection: close

You can see in the Set-Cookie header that it is setting a cookie path of /myapp. The browser receives this and will only send that cookie back on requests sent for requests beginning with /myapp. Fortunately Apache 2.2 includes the ProxyPassReverseCookiePath directive to rewrite the Set-Cookie headers on these requests. You can configure a virtual host like this:

<VirtualHost *:80>
    ServerName www.realdomain.com
    ProxyRequests Off
    ProxyPass / ajp://127.0.0.1:8009/myapp/
    ProxyPassReverse / ajp://127.0.0.1:8009/myapp/
    ProxyPassReverseCookiePath /myapp /
</VirtualHost>

And now the HTTP Response headers look like this:

HTTP/1.1 200 OK
Date: Sun, 28 Oct 2007 01:39:44 GMT
Set-Cookie: JSESSIONID=TOMCAT_SESSION_ID_HERE; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 11234
Connection: close

The browser now sees that the cookie is for / and will send the JSESSIONID cookie for all requests to this server.

2 Responses to 'Use ProxyPassReverseCookieDomain with to maintain Tomcat sessions through mod_proxy_ajp'

Subscribe to comments with RSS or TrackBack to 'Use ProxyPassReverseCookieDomain with to maintain Tomcat sessions through mod_proxy_ajp'.

  1. Hatem said,

    on September 16th, 2008 at 3:21 am

    Hi, I have a question about Ruby on Rails sessions.

    I’m planning to use a reverse proxy on production. When I use Firebug to watch the response headers, I see that a header of “Set-Cookie” is set with the same session id on every request.

    Now, with every request from the same user, the reverse proxy will always think it is a new session and hence prevent caching and affect the performance.

    Can you help me to fix this?
    Thank you.

  2. Brandon said,

    on September 16th, 2008 at 9:54 pm

    @Hatem – The fact that you are getting the same session ID seems to indicate that sessions are getting carried through properly. If they weren’t, you would likely get a different session ID on each request. I’m not familiar with how RoR sessions work to know if this is normal or not (PHP doesn’t do it from what I can tell).

Post a comment

Please copy the string CHc3Ej to the field below: