08 Mar 11 Modify JSESSIONID cookie path with apache and mod_headers
The question is: how can I change the path of the JSESSIONID cookie for a web application deployed in tomcat, jboss, or any other AS, and served by an apache reverse proxy (ProxyPass on mod_proxy, or jkMount on mod_jk) to add a trailing slash?
The answer is in mod_headers module. This module supports perl regular expression that you can use to substitute a string with another on any HTTP header, on the request or on the response.
We may want to add a trailing slash (mypath/) to the JSESSIONID cookie path, for example for security reasons.
This is the correct way (apache >= 2.2.4):
Header edit Set-Cookie "^(JSESSIONID=.*; Path=/YOUR_APP_PATH)(.*)$" "$1/$2"
eg:
Header edit Set-Cookie "^(JSESSIONID=.*; Path=/jsp-examples)(.*)$" "$1/$2"
The first attribute defines the regular expression that matches against the string that must be edited (the SESSIONID header in this case), the second attribute is the expression of the new string (the sessionid with the path modified with a trailing slash). Note that the expression begins with ‘^‘ character (it means: the string must begin with).
This kind of regexp defines that each match pattern is enclosed into brackets, so the first match is anything that begins with “JSESSIONID=”, have some kind of sub string (.*), and then contains “; Path=/jsp-examples”.
The second match is anything on the right of the path (.*).
The second argument implies that the string is composed by the first match, a slash, then the second match. So we have a cookie called JSESSIONID with a trailing slash added in the path.
If you don’t understand perl regular expression well, I advice you to get deeper into it, because it’s very very very useful for any sysadmin. There is very good documentation in internet, try to google “perl regular expression examples”.
Apache httpd is a very good and powerful piece of code, and it’s generally possible to do anything you can thinking of. You have only to know where to search, and the manual is generally the right place.
Ciao, Dino.
Search
Follow me!
Donate if it helped
Addresses are all on the same line!
XMR (Monero):
49ao1APy599ekbFRWCLgZw8CXKhUrke9
Q3GqjJBf9agG6NkHhQ3arxjbBmvYbBrm
ewEZas1Xvxngy6bivqx92nBZQzjq9LS
Thanks!
Latest news
- dam2k/tadoapi and telegraf-dam2ktado
- Dashboarding Fritz!box router with telegraf, influxdb and grafana
- Dashboarding Linux system metrics with Telegraf, InfluxDB, Grafana
- Firefox and Chrome screen share (meet) not working on Debian 12 with Gnome 43 and Wayland
- How to create persistent Queues, Exchanges, and DLXs on RabbitMQ to avoid loosing messages
Categories
- Commercial news (6)
- General (43)
- General news (21)
- Linux OS (61)
- Notes (16)
- Open source (61)
- Sysadmin pills (63)
- What I'm doing (20)
- What's hot (24)
Cloud
Last comments
- dAm2K su Adafruit 4-Digit 7-Segment Display Backpack on raspberry pi in C
- Erik su Adafruit 4-Digit 7-Segment Display Backpack on raspberry pi in C
- Kyle su Adafruit 4-Digit 7-Segment Display Backpack on raspberry pi in C
- Kyle su Adafruit 4-Digit 7-Segment Display Backpack on raspberry pi in C
- dAm2K su Adafruit 4-Digit 7-Segment Display Backpack on raspberry pi in C
Stack Overflow
IPv6 Certified (he.net)
Lascia un commento