Forwarding session and cookie requests from httpd to Tomcat

Main Content

Forwarding session and cookie requests from httpd to Tomcat

Archive - Originally posted on "The Horse's Mouth" - 2008-12-14 13:53:35 - Graham Ellis
If you're using mod_proxy to forward requests that use sessions to other servers, you need to ensure that the cookies get correctly rewritten as they're sent to the browser for setting, in order to reflect the URL of the customer facing server rather than the back end server.

Here's an example where we have forwarded all requests to our front facing server for a web application called /henry to a back end server on our internal network at 192.168.200.218, on port 5050, to a web application called /latmjdemo.

ProxyRequests Off

<Proxy *>

  Order deny,allow

  Allow from all

</Proxy>

ProxyPass /henry http://192.168.200.218:5050/latmjdemo

ProxyPassReverse /henry http://192.168.200.218:5050/latmjdemo

ProxyPassReverseCookiePath /latmjdemo /henry

The ProxyPassReverse is required in order for redirect URLs (such as the sort you generate if you leave the trailing slash off a directory request), and the ProxyPassReverseCookiePath is required in order to allow the back end server to correctly set cookies in the user's browser.

Here's an example of a test page that we've accessed via an httpd process running on 192.168.200.215, which has called up a session / cookie based application running on Tomcat on 192.168.200.218 - the configuration file above is off 192.168.200.215

The source code for that .jsp page may be found here. Example written in answer to a training customer's query / during a practical session. See course details.