Hi there
We have an Apache httpd configuration issue in combination with SSI, a 
servlet container and the session id. 
Problem Description
We are using Apache httpd as a front-end and a transparent cache with a 
servlet container behind of it. Cache hits are returned transparently by 
the cache, cache misses are processes by the servlet container. Cache hits 
may contain SSI instructions. These includes are doing requests to the 
servlet container. 
The first incoming request does not have a JSESSIONID variable set in its 
cookie (Request Header). 
Scenario 1: Cache Hit, Two SSI Virtual Includes
The cache hit does not create a http session in the servlet container. The 
SSI module does two requests to the servlet engine to include the 
requested snippets. Now, there are two sessions in the servlet container. 
One for each request done by the SSI module. The client (Web Browser) does 
not get one of these JSESSIONID’s in the response header. (set-cookie)
Scenario 2: Cache Miss,Two SSI Virtual Includes
The request is processed by the servlet container and a HTTP session is 
created. The two virtual includes processed by the SSI module are creating 
another two sessions. The client gets the JSESSIONID created by the 
initial request in the response header. 
Target
There must be only one session and we have to guarantee, that all requests 
from a certain web browser are using the same HTTP session. 
The virtual include requests have access to the initial cookie values. Is 
there a possibility to modify the RequestHeader after processing the 
initial request and before executing the SSI filter? 
Citation http://httpd.apache.org/docs/2.0/mod/mod_headers.html: “The 
RequestHeader directive is processed just before the request is run by its 
handler.” This is too early. 
If this would be possible, we can handle at least scenario 2. We could 
copy the JSESSIONID from the set-cookie header back to the cookie field in 
the RequestHeader. Then the requests processed by the virtual includes 
should have access to them. 
The problem can be generalized. Is it somehow possible to access cookie 
values set in the initial request by the following virtual includes.?
Does someone know a solution?
Thanks a lot & cheers,
Ueli
___________________________________________________________________

Ueli Kurmann IKE*
externer Mitarbeiter
CSS Versicherung
Tribschenstrasse 21 / Postfach 2568
CH-6002 Luzern
Telefon +41 (0)58 277 11 11
Telefax +41 (0)58 277 12 12
ueli.kurm...@css.ch
www.css.ch
___________________________________________________________________

CSS Kranken-Versicherung AG, CSS Versicherung AG,
INTRAS Kranken-Versicherung AG, INTRAS Versicherung AG,
Arcosana AG

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to