>Number: 5124 >Category: mod_proxy >Synopsis: Cookies aren't being passed during a ProxyPass >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Oct 11 07:30:00 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.4 >Environment: SunOS [host1] 5.6 Generic_105181-12 sun4u sparc SUNW,Ultra-250 WorkShop Compilers 5.0 98/12/15 C 5.0 Apache/1.3.4 (Unix) with mod_perl >Description: I have a pair of matching machines, matching versions of Apache. The FEM (front-end machine) has the following directives:
ProxyPass /secure/reports http://[host2]/bem ProxyPassReverse /secure/reports http://[host2]/bem Users go to FEM/secure/, where they are authenticated against a .htaccess file. They are then redirected to FEM/secure/reports/ and a cookie is set. The redirect is issued, and the browser goes to the new URL. The proxying is successful, but the perl script at http://[host2]/bem/ does not indicate that it ever received the cookie. >How-To-Repeat: Unfortunately, I don't have root on any external systems to provide an example. Make 2 machines. One proxies to the other. One sets a cookie with a path of '/'. It then 302 redirects to a ProxyPass URI. The BEM, which is pretending to be FEM/some/path/ (a URI that should have access to the cookie) never receives the cookie in its proxy call. >Fix: Pass 'em? :-) >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
