Using nginx as a reverse proxy for tomcat results in new jsessionids for every ssl request

Question

I am using nginx as a reverse proxy for a tomcat setup, and everything works fine for the MOST part, the only issue I am having is that every request to an http address results in a new JSESSION ID being created(this doesn't happen in http), here is the relevant part of the NGINX configuration:

location / {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;

            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            proxy_connect_timeout      240;
            proxy_send_timeout         240;
            proxy_read_timeout         240;
            proxy_pass http://localhost:8080;
      }

Any idea why I am constantly genning new jsessionids?

score 4 · Accepted Answer · answered Sep 11 '12 at 09:51

4

Add the following snippet to your configuration file and try again:

if ($http_cookie ~* "jsessionid=([^;]+)(?:;|$)") {
    set $co "jsessionid=$1";
}
proxy_set_header Cookie "$co";

answered Sep 11 '12 at 09:51

quanta

50,327
19
152
213

score 0 · Answer 2 · answered Dec 19 '19 at 11:35

In my environment this behavior was caused by Tomcat or the servlet was expecting a different cookie path due to changing the root while proxying:

Setting the path via proxy_cookie_path helped:

location / {
    proxy_pass http://localhost:8080/webapp/;
    proxy_cookie_path /webapp/;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Using nginx as a reverse proxy for tomcat results in new jsessionids for every ssl request

2 Answers2

Linked