Hi Frank,
Frank Hamilton schrieb:
[…]
this problem is still in our system, Maria Jesus and me thought that this
solve but no.
We used the org.apache.cocoon.environment.Session to put a user object when
a user login in the aplication.
Then we used XPathMetaModule to get user.name in our pipeline and print the
name in the presentation layer.
If we don't use the apache2 this run Ok but when use apache with mod_cache,
mod_proxy and mod_rewrite the server give us a response with a set-cookie in
headers and some times the name of other user appear in the session of a
user.
We think that the problem is that mod_cache is caching http headers with
cookies and after server this pages with this cookies to someone. Studing
apache2 in more detail found that we can use CacheIgnoreHeaders set-Cookie
directive to avoid the cache save the cookie but this seem not work in the
version 2.2.11 of apache2( or maybe we don know how use it).
just for my understanding: You are caching personalized pages? I guess
I'm missing something, but from a naive point of view, it looks like this:
* User A requests an expired page. The name A is inserted, and this
version is cached.
* Now user B requests the same page. The cached version, including the
name A, is delivered. So B retrieves a page containing A's name.
If you cache personalized pages, you have to make sure that the person
(or session) identifier is included in the cache key. In most cases this
renders the caching useless, though, because of an explosion of the key
space and a reduction of cache key collisions.
Using the directive "CacheIgnoreHeaders Set-Cookie" you avoid that the
jsessionid cookie is ever sent to the client as part of a cached page,
so the session is lost immediately. Actually this makes perfect sense in
a cached, non-personalized environment (I use the same setting), but you
can't combine this directive with (servlet session based) personalization.
Would you mind giving some more information on how you want to achieve
the combination of caching and personalization using the servlet
session? TIA!
-- Andreas
This is the code for our virtual host:
<VirtualHost *:80>
#solo si el sitio requiere autentificacion
ServerAdmin [email protected]
ServerName www.turismopaco.com
ServerAlias lenya
CacheRoot /var/cache/apache2/mod_disk_cache
CacheEnable disk /
CacheDirLevels 5
CacheDirLength 3
CacheIgnoreHeaders Set-Cookie
ProxyRequests Off
RewriteEngine On
#Debug en dev
RewriteLogLevel 3
RewriteLog "/var/cache/apache2/rewrite.log"
#Directorio exporta para videos, descargas,...
RewriteRule ^/export/.*$ /home/paco/pinturex/export/$1
# Se mapean las partes que no son especificas de la publicacion
RewriteRule ^/lenya/(.*) http://www.turismopaco.com:8888/lenya/$1
[P,L]
RewriteRule ^/modules/(.*)
http://www.turismopaco.com:8888/modules/$1 [P,L]
RewriteRule ^/PINTUREX/modules/(.*)
http://www.turismopaco.com:8888/PINTUREX/modules/$1 [P,L]
RewriteRule ^/PINTUREX/resources/(.*)
http://www.turismopaco.com:8888/PINTUREX/resources/$1 [P,L]
#Se realiza un mapeo especifico a la zona de galeria de imagenes
(exclusivamente)
RewriteRule ^/PINTUREX/authoring/galeriaimagenes/(.*)
http://www.turismopaco.com:8888/PINTUREX/authoring/galeriaimagenes/$1 [P,L]
# Se mapea el entorno live
RewriteRule ^/([^/\.]+)$ $1/ [R]
RewriteRule ^/PINTUREX/live/(.*)
http://www.turismopaco.com:8888/PINTUREX/live/$1 [P,L]
RewriteRule ^/captcha\.jpg
http://www.turismopaco.com:8888/captcha.jpg [P,L]
RewriteRule ^/(.*) http://www.turismopaco.com:8888/PINTUREX/live/$1
[P,L]
ProxyPassReverse / http://www.turismopaco.com:8888/PINTUREX/live/
</VirtualHost>
Our page in production is www.turismoextremadura.com, if use tamper data you
can see that the response headers have a set-cookie parameter and this is
send to the client which change his jSession and for this the user object in
the org.apache.cocoon.environment.Session is lost.
Any idea what happened!
TIA!
--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
Tel.: +41 (0) 43 818 57 01
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
