Hi there We have an Apache httpd configuration issue in combination with SSI, a servlet container and the session id. Problem Description We are using Apache httpd as a front-end and a transparent cache with a servlet container behind of it. Cache hits are returned transparently by the cache, cache misses are processes by the servlet container. Cache hits may contain SSI instructions. These includes are doing requests to the servlet container. The first incoming request does not have a JSESSIONID variable set in its cookie (Request Header). Scenario 1: Cache Hit, Two SSI Virtual Includes The cache hit does not create a http session in the servlet container. The SSI module does two requests to the servlet engine to include the requested snippets. Now, there are two sessions in the servlet container. One for each request done by the SSI module. The client (Web Browser) does not get one of these JSESSIONID’s in the response header. (set-cookie) Scenario 2: Cache Miss,Two SSI Virtual Includes The request is processed by the servlet container and a HTTP session is created. The two virtual includes processed by the SSI module are creating another two sessions. The client gets the JSESSIONID created by the initial request in the response header. Target There must be only one session and we have to guarantee, that all requests from a certain web browser are using the same HTTP session. The virtual include requests have access to the initial cookie values. Is there a possibility to modify the RequestHeader after processing the initial request and before executing the SSI filter? Citation http://httpd.apache.org/docs/2.0/mod/mod_headers.html: “The RequestHeader directive is processed just before the request is run by its handler.” This is too early. If this would be possible, we can handle at least scenario 2. We could copy the JSESSIONID from the set-cookie header back to the cookie field in the RequestHeader. Then the requests processed by the virtual includes should have access to them. The problem can be generalized. Is it somehow possible to access cookie values set in the initial request by the following virtual includes.? Does someone know a solution? Thanks a lot & cheers, Ueli ___________________________________________________________________
Ueli Kurmann IKE* externer Mitarbeiter CSS Versicherung Tribschenstrasse 21 / Postfach 2568 CH-6002 Luzern Telefon +41 (0)58 277 11 11 Telefax +41 (0)58 277 12 12 ueli.kurm...@css.ch www.css.ch ___________________________________________________________________ CSS Kranken-Versicherung AG, CSS Versicherung AG, INTRAS Kranken-Versicherung AG, INTRAS Versicherung AG, Arcosana AG --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
