ueli.kurmann at css
May 2, 2012, 5:39 AM
SSI, Servlet Container and JSESSIONID (Cookie Values)
We have an Apache httpd configuration issue in combination with SSI, a
servlet container and the session id.
We are using Apache httpd as a front-end and a transparent cache with a
servlet container behind of it. Cache hits are returned transparently by
the cache, cache misses are processes by the servlet container. Cache hits
may contain SSI instructions. These includes are doing requests to the
The first incoming request does not have a JSESSIONID variable set in its
cookie (Request Header).
Scenario 1: Cache Hit, Two SSI Virtual Includes
The cache hit does not create a http session in the servlet container. The
SSI module does two requests to the servlet engine to include the
requested snippets. Now, there are two sessions in the servlet container.
One for each request done by the SSI module. The client (Web Browser) does
not get one of these JSESSIONID’s in the response header. (set-cookie)
Scenario 2: Cache Miss,Two SSI Virtual Includes
The request is processed by the servlet container and a HTTP session is
created. The two virtual includes processed by the SSI module are creating
another two sessions. The client gets the JSESSIONID created by the
initial request in the response header.
There must be only one session and we have to guarantee, that all requests
from a certain web browser are using the same HTTP session.
The virtual include requests have access to the initial cookie values. Is
there a possibility to modify the RequestHeader after processing the
initial request and before executing the SSI filter?
Citation http://httpd.apache.org/docs/2.0/mod/mod_headers.html: “The
RequestHeader directive is processed just before the request is run by its
handler.” This is too early.
If this would be possible, we can handle at least scenario 2. We could
copy the JSESSIONID from the set-cookie header back to the cookie field in
the RequestHeader. Then the requests processed by the virtual includes
should have access to them.
The problem can be generalized. Is it somehow possible to access cookie
values set in the initial request by the following virtual includes.?
Does someone know a solution?
Thanks a lot & cheers,
Ueli Kurmann IKE*
Tribschenstrasse 21 / Postfach 2568
Telefon +41 (0)58 277 11 11
Telefax +41 (0)58 277 12 12
ueli.kurmann [at] css
CSS Kranken-Versicherung AG, CSS Versicherung AG,
INTRAS Kranken-Versicherung AG, INTRAS Versicherung AG,
To unsubscribe, e-mail: users-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd