Hi Chris,

Sorry for the late reply; I wound up working from home yesterday, and access to the server was less than ideal.

I'm just gonna dump the Headers from the login get, through to when it dumps me back out at the login.

##Login
#request
POST /login HTTP/1.1
redacted.site.io
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://redacted.site.io/login
Cookie: ib=0c270113fc19aebbd07dd40bb401a3695d17cd722fa5d0b3743cfb8c7ef87836
Connection: keep-alive

#response
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 0
Content-Type: text/html;charset=utf-8
Date: Tue, 03 Feb 2015 10:52:07 GMT
Location: http://redacted.site.io/login/challenge
Server: nginx/1.6.2 (Ubuntu)
Set-Cookie: ib=0c270113fc19aebbd07dd40bb401a3695d17cd722fa5d0b3743cfb8c7ef87836; path=/; expires=Tue, 03 Feb 2015 10:57:07 -0000; HttpOnly
X-XSS-Protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

#request
GET /login/challenge HTTP/1.1
redacted.sitename.io
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
en-US,en;q=0.5
gzip, deflate
http://redacted.sitename.io/login
ib=0c270113fc19aebbd07dd40bb401a3695d17cd722fa5d0b3743cfb8c7ef87836
keep-alive

#response
HTTP/1.1 200 OK
nginx/1.6.2 (Ubuntu)
Tue, 03 Feb 2015 10:47:37 GMT
text/html;charset=utf-8
chunked
keep-alive
no-cache, no-store, must-revalidate, max-age=0
1; mode=block
nosniff
SAMEORIGIN
ib=0c270113fc19aebbd07dd40bb401a3695d17cd722fa5d0b3743cfb8c7ef87836; path=/; expires=Tue, 03 Feb 2015 10:52:37 -0000; HttpOnly
gzip

##Challenge
#request
POST /login/challenge HTTP/1.1
redacted.site.io
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://redacted.site.io/login/challenge
Cookie: ib=0c270113fc19aebbd07dd40bb401a3695d17cd722fa5d0b3743cfb8c7ef87836
Connection: keep-alive

#response
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 0
Content-Type: text/html;charset=utf-8
Date: Tue, 03 Feb 2015 10:50:03 GMT
Location: http://redacted.site.io/statements
Server: nginx/1.6.2 (Ubuntu)
Set-Cookie: ib=0c270113fc19aebbd07dd40bb401a3695d17cd722fa5d0b3743cfb8c7ef87836; path=/; expires=Tue, 03 Feb 2015 10:55:03 -0000; HttpOnly
X-XSS-Protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

#Request for /statements
#request
GET /statements HTTP/1.1
redacted.site.io
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://redacted.site.io/login/challenge
Cookie: ib=0c270113fc19aebbd07dd40bb401a3695d17cd722fa5d0b3743cfb8c7ef87836
Connection: keep-alive

#response
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 0
Content-Type: text/html;charset=utf-8
Date: Tue, 03 Feb 2015 10:50:03 GMT
Location: http://redacted.site.io/login
Server: nginx/1.6.2 (Ubuntu)
Set-Cookie: ib=0c270113fc19aebbd07dd40bb401a3695d17cd722fa5d0b3743cfb8c7ef87836; path=/; expires=Tue, 03 Feb 2015 10:55:03 -0000; HttpOnly
X-XSS-Protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

##Redirect
GET /login HTTP/1.1
redacted.site.io
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://boyle.fern.io/login/challenge
Cookie: ib=f7e8f6d4823853063b94e16a1f5252b06b62de621361f67ac6fdeca7259c0ec3
Connection: keep-alive

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Tue, 03 Feb 2015 11:02:06 GMT
Server: nginx/1.6.2 (Ubuntu)
Set-Cookie: ib=f7e8f6d4823853063b94e16a1f5252b06b62de621361f67ac6fdeca7259c0ec3; path=/; expires=Tue, 03 Feb 2015 11:07:06 -0000; HttpOnly
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Kind Regards,
Rory

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: 30 January 2015 17:18
To: Tomcat Users List
Subject: Re: Session being dropped in Virtual Host in 8.0.9

Rory,

On 1/30/15 11:01 AM, Rory Kelly wrote:
> I apologise in advance if the formatting is absolutely terrible.

Actually, it was totally readable ;)

>> Are you using cookies for session-tracking?
>
>> Can you watch the HTTP conversation to see what's being sent back and
>> forth during that workflow? LiveHttpHeaders is great for Firefox, and
>> these days Chrome, Firefox, and IE have something similar built-into
>> them.
>
>> From the looks of it, the cookie is storing the session ID.
> Server - nginx/1.6.2 (Ubuntu) Date - Fri, 30 Jan 2015 15:52:35 GMT
> Content-Type - text/html;charset=utf-8 Transfer-Encoding - chunked
> Connection - keep-alive Cache-Control - no-cache, no-store,
> must-revalidate, max-age=0 X-XSS-Protection - 1; mode=block
> x-content-type-options - nosniff x-frame-options - SAMEORIGIN
> Set-Cookie -
> ib=da7f36e0f53827383a262940d2f75fcef8bbb32b57bd3fced7149ae6a8bf4e3a;
> path=/; expires=Fri, 30 Jan 2015 15:57:35 -0000; HttpOnly
> Content-Encoding - gzip Everything in the HTTP requests seems fine,
> except the response from my POST at the Challenge point, where,
> instead of a 200, I'm receiving a 302. This is what tipped me off that
> it was the session that was causing the issue.

This is only one response from the server, and it's not clear what the request was.

Can you post:

1. Request to protected resource (and response)
2. Request to login page (and response)
3. Request which is the submission of the login form (and response)
   ... and it sounds like here is where the session is lost
4. The next request, which evidently has lost the session (and response)

>> field... or at least whatever your client's DNS will resolve to your
>> server. That may actually be "virtual1" but I just thought I'd
>> mention it. It shouldn't have any bearing on the session-handling,
>> unless your web application switches hostnames by telling a client
>> requesting "virtual1" that it should redirect to "testsitex.site.io"
>> or vice-versa.
>
> I went ahead and changed this as well, as it does seem like a good
> practice to use.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
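
Added example, not part of the original thread and not code from either poster: a small Python tracer for the kind of request/response capture asked for above. It follows the `ib` cookie across each exchange and reports where a redirect to the login page occurs or the cookie value changes; the capture, host name and cookie values are constructed, and the `#request`/`#response` layout and `/login` path are assumptions modelled on the dump's labelling.

```python
import re
from urllib.parse import urlsplit

# Constructed capture (made-up host and cookie values, not the poster's data).
CAPTURE = """\
#request
POST /login/challenge HTTP/1.1
Cookie: ib=aaaa1111
#response
HTTP/1.1 200 OK
Set-Cookie: ib=aaaa1111; path=/; HttpOnly
#request
GET /statements HTTP/1.1
Cookie: ib=aaaa1111
#response
HTTP/1.1 302 Found
Location: http://app.example.test/login
Set-Cookie: ib=aaaa1111; path=/; HttpOnly
#request
GET /login HTTP/1.1
Cookie: ib=bbbb2222
"""

def cookie_value(header, name):
    m = re.search(rf"(?:^|;\s*){re.escape(name)}=([^;\s]+)", header)
    return m.group(1) if m else None

def trace_session(capture, name="ib", login_path="/login"):
    """Return (request, finding) pairs for every step where the session looks lost."""
    findings, last_id, req = [], None, None
    for block in re.split(r"^#(?=request$|response$)", capture, flags=re.M)[1:]:
        kind, first, *lines = block.strip().splitlines()
        # Last value wins if a header repeats; enough for one session cookie.
        hdr = dict((k.strip().lower(), v.strip())
                   for k, v in (l.split(":", 1) for l in lines if ":" in l))
        if kind == "request":
            req, sent = first.rsplit(" ", 1)[0], cookie_value(hdr.get("cookie", ""), name)
            if last_id and sent != last_id:
                findings.append((req, f"cookie changed {last_id} -> {sent}"))
            last_id = sent
        else:
            status = int(first.split()[1])
            issued = cookie_value(hdr.get("set-cookie", ""), name)
            if 300 <= status < 400 and urlsplit(hdr.get("location", "")).path == login_path:
                findings.append((req, f"{status} redirect to {login_path}"))
            if issued and issued != last_id:
                findings.append((req, f"server issued new id {issued}"))
            last_id = issued or last_id
    return findings
```

Calling `trace_session(CAPTURE)` returns the findings in capture order, so the first entry marks the earliest exchange at which the session stopped being honoured.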