The question is: how can I change the path of the JSESSIONID cookie for a web application deployed in Tomcat, JBoss, or any other application server and served by an Apache reverse proxy (ProxyPass with mod_proxy, or JkMount with mod_jk), so that it ends with a trailing slash?
The answer is the mod_headers module. It supports Perl-style regular expressions, which you can use to substitute one string for another in any HTTP header, on the request or on the response.
We may want to add a trailing slash (mypath/) to the JSESSIONID cookie path, for example for security reasons.
This is the correct way (Apache >= 2.2.4):
Header edit Set-Cookie "^(JSESSIONID=.*; Path=/YOUR_APP_PATH)(.*)$" "$1/$2"
e.g.:
Header edit Set-Cookie "^(JSESSIONID=.*; Path=/jsp-examples)(.*)$" "$1/$2"
The first argument is the regular expression matched against the header value to be edited (the Set-Cookie header carrying JSESSIONID in this case); the second argument is the replacement string (the same cookie with a trailing slash added to its path). Note that the expression begins with the ‘^’ character, which anchors the match to the beginning of the string.
In this kind of regexp each capture group is enclosed in parentheses, so the first group is anything that begins with “JSESSIONID=”, continues with any substring (.*), and then contains “; Path=/jsp-examples”.
The second group is anything to the right of the path (.*).
The second argument says that the new string is composed of the first group, a slash, then the second group. So we end up with a cookie called JSESSIONID with a trailing slash added to its path.
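The substitution can be checked offline before it goes into the proxy configuration. The following Python sketch is an added example, not part of the original post: it emulates Header edit with Python's re module (an approximation of Apache's regex engine) over constructed Set-Cookie values, and compares the post's pattern with a stricter variant (STRICT_PATTERN, an assumption of this example) that rewrites only when the path is exactly /jsp-examples.

```python
import re

# Pattern and replacement taken from the post's Header edit directive.
PAGE_PATTERN = r"^(JSESSIONID=.*; Path=/jsp-examples)(.*)$"
# Assumption of this example: the path must be followed by ';' or end of value.
STRICT_PATTERN = r"^(JSESSIONID=.*; Path=/jsp-examples)(;.*)?$"
REPLACEMENT = "$1/$2"

# Constructed Set-Cookie values (the session ids are made up).
SAMPLES = [
    "JSESSIONID=0123ABCD; Path=/jsp-examples",
    "JSESSIONID=0123ABCD; Path=/jsp-examples; HttpOnly",
    "JSESSIONID=0123ABCD; Path=/jsp-examples/; HttpOnly",  # slash already there
    "JSESSIONID=0123ABCD; Path=/jsp-examples2; HttpOnly",  # sibling application
    "LANG=it; Path=/jsp-examples",                         # a different cookie
]


def header_edit(value, pattern, replacement=REPLACEMENT):
    """Emulate 'Header edit': rewrite the first regex match in one header value."""
    # Apache writes backreferences as $1, $2; Python's re expects \g<1>, \g<2>.
    py_replacement = re.sub(r"\$(\d)", r"\\g<\1>", replacement)
    # A group that did not take part in the match expands to an empty string.
    return re.sub(pattern, py_replacement, value, count=1)


def compare(samples=SAMPLES):
    """Return (original, post's pattern result, strict pattern result) per sample."""
    return [
        (v, header_edit(v, PAGE_PATTERN), header_edit(v, STRICT_PATTERN))
        for v in samples
    ]


if __name__ == "__main__":
    for original, page, strict in compare():
        print("in    :", original)
        print("post  :", page)
        print("strict:", strict)
        print()
```

With the post's pattern, a path that already ends in a slash becomes /jsp-examples// and a sibling path such as /jsp-examples2 becomes /jsp-examples/2; the stricter variant leaves both untouched. Confirm the final directive against real responses from the proxy, since Apache's regex engine can differ from Python's in corner cases.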
If you don’t understand Perl regular expressions well, I advise you to dig deeper into them, because they are very, very, very useful for any sysadmin. There is very good documentation on the internet; try googling “perl regular expression examples”.
Apache httpd is a very good and powerful piece of code, and it’s generally possible to do anything you can think of. You only have to know where to look, and the manual is generally the right place.
Ciao, Dino.