Hi Jack,

> Hi everyone,
> I'm having trouble setting up Xwiki behind my Reverse Proxy.
> As a reverse proxy I have to use IIS. With ARR and URL Rewrite. The rewrite
> rules are on the default web site and rwrite to http://localhost:port/xwiki 
> (this will later be changed to https)
> Now if I log into my Xwki with a user or an admin, if I click on any link
> the account isn't logged in anymore.
> I don't have this problem with several other applications (for instance
> YouTrack or Nexus), nor does it occur if I bypass the proxy.
> Any ideas would be welcomed.

Is XWiki running as a cluster, so the session needs to be sticky?

One problem I can think of is that the session cookie keeping the login is set 
for the wrong domain.
You can check in the browsers "developer tools" for a "Set-Cookie" header 
coming in from the server.

The alternative is the XWiki-cluster experiences your user's requests coming in 
from different IPs.

Set the "xwiki.authentication.validationKey" and 
"xwiki.authentication.encryptionKey" in xwiki.cfg.
If you keep them at their (commented) defaults, XWiki uses an autogenerated key 
which uses the client-IP
and this causes the user to get logged out if the client IP changes.

hope this helps

> Have a nice day,
> Jack
> --
> View this message in context: 
> http://xwiki.475771.n2.nabble.com/User-Session-not-sticky-behind-IIS8-Reverse-Proxy-tp7588975.html
> Sent from the XWiki- Users mailing list archive at Nabble.com.
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users

users mailing list

Reply via email to