Official dAm2K Blog
msgbartop
Blog di Bernardino (Dino) Ciuffetti
msgbarbottom

08 Mar 11 Modify JSESSIONID cookie path with apache and mod_headers

The question is: how can I change the path of the JSESSIONID cookie for a web application deployed in tomcat, jboss, or any other AS, and served by an apache reverse proxy (ProxyPass on mod_proxy, or jkMount on mod_jk) to add a trailing slash?

The answer is in mod_headers module. This module supports perl regular expression that you can use to substitute a string with another on any HTTP header, on the request or on the response.

We may want to add a trailing slash (mypath/) to the JSESSIONID cookie path, for example for security reasons.
This is the correct way (apache >= 2.2.4):

Header edit Set-Cookie "^(JSESSIONID=.*; Path=/YOUR_APP_PATH)(.*)$" "$1/$2"

eg:

Header edit Set-Cookie "^(JSESSIONID=.*; Path=/jsp-examples)(.*)$" "$1/$2"

The first attribute defines the regular expression that matches against the string that must be edited (the SESSIONID header in this case), the second attribute is the expression of the new string (the sessionid with the path modified with a trailing slash). Note that the expression begins with ‘^‘ character (it means: the string must begin with).
This kind of regexp defines that each match pattern is enclosed into brackets, so the first match is anything that begins with “JSESSIONID=”, have some kind of sub string (.*), and then contains “; Path=/jsp-examples”.
The second match is anything on the right of the path (.*).
The second argument implies that the string is composed by the first match, a slash, then the second match. So we have a cookie called JSESSIONID with a trailing slash added in the path.

If you don’t understand perl regular expression well, I advice you to get deeper into it, because it’s very very very useful for any sysadmin. There is very good documentation in internet, try to google “perl regular expression examples”.

Apache httpd is a very good and powerful piece of code, and it’s generally possible to do anything you can thinking of. You have only to know where to search, and the manual is generally the right place.

Ciao, Dino.

Tags: , , , ,
Filed in Sysadmin pills with 0 Comments
«
»

Lascia un commento

CAPTCHA

*

sidebartop

Search

sidebarbottom
sidebartop

Follow me!

sidebarbottom
sidebartop

Donate if it helped

Addresses are all on the same line!
BTC (Bitcoin):
1MnPxjP8RA5gjmSFuQVRd2U1wStecpGpTN

XMR (Monero):
49ao1APy599ekbFRWCLgZw8CXKhUrke9
Q3GqjJBf9agG6NkHhQ3arxjbBmvYbBrm
ewEZas1Xvxngy6bivqx92nBZQzjq9LS

Thanks!

sidebarbottom
sidebartop

Latest news

sidebarbottom
sidebartop

Categories

sidebarbottom
sidebartop

Cloud

ajax apache authority blacklist c ca cipher cookie courier debian dns driver energia energy firewall http https internet ipv6 java library Linux lvm mailserver memory mta nonuke nuclear nucleare NuvolaBase openssl orientdb php policy proxy raspberry pi relaying rest server smtp solaris ssh sysadmin tomcat unix
sidebarbottom
sidebartop

Last comments

sidebarbottom
sidebartop

Stack Overflow

sidebarbottom
sidebartop

IPv6 Certified (he.net)

IPv6 Certification Badge for dam2k
sidebarbottom
© Official dAm2K Blog / Design: Smashing Wordpress Themes