I posted this question on the Spring Framework forum but haven't gotten a
response and thought maybe somebody here had seen this problem or knew how I
might resolve it.

I have the unenviable job of integrating Apache with Tomcat to serve up apps
that use Acegi/Spring Security (AppFuse).

I can get Apache to front-end the apps OK using Apache 2.2.4 and
mod_proxy_ajp. For the most part, everything works correctly except the
"remember me" function.

We set a cookie with a 30-day expiration for the remember me session, but
this only works properly when hitting the Tomcat context directly.

When coming in through port 80 (Apache), the JSESSIONID cookie path doesn't
match the path set in the ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE, so the
session isn't recognized and the user has to log in (receiving mismatched
cookies again ad infinitum).

I believe that this is the root cause, but I don't know how to resolve it.

I tried forcing the default URL for remember me to match the context of the
Tomcat app but this didn't change the behavior. Any clues would be greatly
appreciated.

Here's the cookie content:


Name: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE
Content: cmljazoxMTc5Nzk2ODYyNTM3OmI1OTViOWIyYjc0MzExNmRjZDM0ZGNjNWE4NmZiNWY2
Host: quantum.dbt.com
Path: /quantum
Send For: Any type
Expires: [30 days from now]

Name: username
Content: rick
Host: quantum.dbt.com
Path: /quantum/
Send For: Any type
Expires: [30 days from now]

Name: JSESSIONID
Content: E020C6E36F4A39298055924443CF1704
Host: quantum.dbt.com
Path: /
Send For: Any
Expires: at end of session

Notice how the path in the JSESSIONID cookie doesn't match the path in the
hashed remember me cookie. When I delete cookies and hit Tomcat directly,
the paths match and remember me works perfectly.

I tried setting the default in security.xml to a fully qualified path but
that had no effect other than to break the login entirely.
-- 
View this message in context: 
http://www.nabble.com/Remember-Me-Cookie-issue-%28Apache-Tomcat%29-Acegi-tf3717779s2369.html#a10400995
Sent from the AppFuse - User mailing list archive at Nabble.com.
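
For readers comparing the cookie listing above with what a browser returns on a given URL: the following is an added example, not part of the original post and not AppFuse or Acegi code. It implements the path-match rule from RFC 6265 section 5.1.4 over the three Path values listed in the post; the request paths passed to it are constructed for illustration.

```python
"""RFC 6265 section 5.1.4 path-match applied to the cookies listed in the post."""

# Cookie names and Path attributes exactly as they appear in the listing.
COOKIES = {
    "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE": "/quantum",
    "username": "/quantum/",
    "JSESSIONID": "/",
}


def path_matches(request_path, cookie_path):
    """Return True if a cookie scoped to cookie_path is sent for request_path."""
    request_path = request_path.split("?", 1)[0]  # the query string is not part of the path
    if not request_path.startswith("/"):
        request_path = "/" + request_path
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix only counts on a "/" boundary, so Path=/quantum
        # does not cover a request for /quantumleap/...
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookies_sent(request_path, jar=COOKIES):
    """Names of the cookies in jar that accompany a request for request_path."""
    return sorted(name for name, path in jar.items() if path_matches(request_path, path))


def report(request_paths, jar=COOKIES):
    """Map each request path to the cookies sent and the cookies withheld."""
    result = {}
    for rp in request_paths:
        sent = cookies_sent(rp, jar)
        result[rp] = {"sent": sent, "withheld": sorted(set(jar) - set(sent))}
    return result


if __name__ == "__main__":
    # Constructed request paths: inside the context, the bare context
    # root, the server root, and a look-alike prefix.
    for rp, r in report(["/quantum/mainMenu.html", "/quantum", "/",
                         "/quantumleap/x"]).items():
        print(rp, "-> sent:", r["sent"], "| withheld:", r["withheld"])
```

Running it for the public URL path that Apache exposes and for the Tomcat context path shows whether the remember-me cookie is returned on both.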
