Forum OpenACS Q&A: Apache reverse proxy and aolserver cookie problem

Hi,

I have a setup where apache is acting as a reverse proxy
for multiple aolserver instances. I am trying to use single
IP for multiple sites. The entry in httpd.conf is as follows

NameVirtualHost *
<VirtualHost *>
    ServerAdmin mailto:abc@abc.com
    ServerName  www.abc.com
    ServerAlias abc.com
    ProxyRequests On
    ProxyPass / http://222.222.222.222:8001/
    ProxyPassReverse / http://222.222.222.222:8001/
    NoCache *
</VirtualHost>

The entry in nsd.tcl is as

set httpport              8001
set httpsport            8443
set hostname            www.abc.com
set address              222.222.222.222

  The problem is with cookies. I am not able to logout when
I access the site using www.abc.com and if I access the site
using www.abc.com:8001 then I am able to logoff. All the
cookies are not being written when I use www.abc.com.

  Any suggestion to solve the problem would be greatly appreciated

Thanks.

Collapse
Posted by David Kuczek on
I am actually setting up Apache as a reverse proxy myself and haven't had much experience with it before, but the problem *might* be with proxypass... You could try:

ProxyPass / http://www.abc.com:8001

Collapse
Posted by Andrew Smith on
Hi David,

            I tried this but the same problem is occuring again.

Thanks and regards,

Collapse
Posted by David Kuczek on
I am not sure if this will help you, but I had a cookie problem with subsites some time ago... This problem only occured on IE. The case was that whenever someone visited myserver.com and then www.myserver.com he couldn't log out. That's why I redirected all requests from myserver.com to www.myserver.com!
Collapse
Posted by David Kuczek on
Hey Andrew,

did you solve the cookie problem?

Did you have to set up anything special to make the regular AOLserver log file work or did it just work whenever you proxied requests through Apache?

Could you post the steps that you followed to set up Apache as a reverse proxy?

Thanks

Collapse
Posted by Andrew Cadman on
I have also been looking at apache proxypass and using a Konqueror client under Linux its easier to see what cookies are being attempted to be written or not.

I have exactly the same problems: i.e. - you cant logoff and also the persistent cookie ad_user_login is not written in the first place.

However, I have discovered that when you try to log off for some reason the browser receives a SECURE ad_user_login cookie with a max age of 0, which of course is useless if you need to destroy a non-persistent session cookie or indeed a persistent insecure ad_user_login cookie.

Collapse
Posted by Andrew Cadman on
OK,

further research has shown that this is actually an apache bug which has been fixed in apache 2.0:

as follows from apache:

...
fix a problem with proxy where each entry of a duplicated
    header such as Set-Cookie would overwrite and obliterate the
    previous value of the header, resulting in multiple header
    values (like cookies) going missing.

...

This is what is happening here -  cookies are going missing because they are being overwritten.

For those of use running apache 1.3x and using proxy to openacs does anyone know of patch for this bug?

Collapse
Posted by Mark Aufflick on
you could be right, since i am running exactly the configuration you describe, on apache 2.0, and can logout no problem.
Collapse
Posted by Tilmann Singer on
Logout and as it seems everything else also works fine for us, with Apache 1.3.263-0woody3 (debian). That's all what is in
<VirtualHost *>:

ProxyPass / http://myhostt:9088/
ProxyPassReverse / http://myhostt:9088/

Also this is a recent HEAD checkout of OpenACS - maybe something changed with the cookie handling.