Persist session when using sendRedirect


gigi...@gmail.com

Mar 26, 2015, 5:29:11 AM
to hippo-c...@googlegroups.com
Hi,

For one of our projects on Hippo Enterprise 7.9.7 we are using a standard Hippo component ( extending BaseHstComponent ) to check that our users are logged in ( they jump with a sessionID attached ) and then redirect them to a landing page with some information added on the session.
What we do in our /uas controller page is check that sessionID via a REST service and then we do a sendRedirect to another page.
We tried the following:

request.getSession().setAttribute("uasSession", uasSession);

and after that one of the following two:

response.sendRedirect(redirectLocation);

or

sendRedirect(spfgoto, request, response);

On localhost everything works fine, but on our QA / LIVE systems the session information is lost because there are different sessions between /uas and /landing ( different session objects, different JSESSION ids ).

We have an nginx loadbalancer in place but it's properly configured, so that is not the one causing the issue ( at least that's what our IT Operations have told us, we talked about sticky sessions and topics like that, it's not the case )

Any ideas?

Best regards,
Alex

gigi...@gmail.com

Mar 27, 2015, 4:41:42 AM
to hippo-c...@googlegroups.com, gigi...@gmail.com
Hi,

After further investigating we found that Hippo sets the cookie for the response on the "/site" path, but that is never accessed.

Set-Cookie: JSESSIONID=C85090049520653C843B4CD7D5ECF14F; Path=/site/; HttpOnly

But it should be set on the "/", since we never access "/site" through the loadbalancer.

Any idea how to configure that?

Best regards,
Alex

Ard Schrijvers

Mar 27, 2015, 4:48:41 AM
to hippo-c...@googlegroups.com
Hey Alex,

if you have httpd in front (or nginx but then you need to add the
nginx equivalent) you have to make sure the site virtualhost also gets:

ProxyPassReverseCookiePath /site /

See [1]

Regards Ard

[1] http://www.onehippo.org/library/deployment/configuring/configure-apache-httpd-web-server-for-cms-and-sites.html

gigi...@gmail.com

Mar 27, 2015, 7:05:50 AM
to hippo-c...@googlegroups.com, gigi...@gmail.com
Hi,

Simple solution but somehow a hell to implement in nginx.
Do you know of a solution implemented that works? So far we only got nginx to set the cookie path to double slash: "//"

Set-Cookie: JSESSIONID=401C20196A1F6023CAA89B272C459FD3; Path=//; HttpOnly

Regards,
Alex

gigi...@gmail.com

Mar 27, 2015, 7:33:55 AM
to hippo-c...@googlegroups.com, gigi...@gmail.com
Hi,

We managed to get it working but I still have an issue:
On the first request we have the following Response header:

Set-Cookie:JSESSIONID=8A5573F2D05770930DBAE4A9F19CD4D3; Path=/; HttpOnly

On the second request it's there in "Request headers" : JSESSIONID=8A5573F2D05770930DBAE4A9F19CD4D3

But the application still does a new Set-Cookie: JSESSIONID=0DAC7C8F3DE026879E5F21C998BA1A61; Path=/; HttpOnly

Are we doing something wrong in the code? I tried both response.sendRedirect and the sendRedirect from HstResponseUtils

Best regards,
Alex

Jeroen Reijn

Mar 31, 2015, 4:15:38 AM
to hippo-c...@googlegroups.com
Not sure why this happens. I also wonder if you have multiple website nodes, instead of just one? That way you could just end up at a different site node unless you have sticky sessions.

Jeroen


gigi...@gmail.com

Mar 31, 2015, 4:27:15 AM
to hippo-c...@googlegroups.com, gigi...@gmail.com
Hi Jeroen,

We have only one node for the moment. I suspect it's nginx related, because it doesn't set the routing cookie ( and persist correctly ) if there is only one server behind the loadbalancer.
Currently our IT Operations are fixing the 2nd node, after that we can try again and see if the issue still occurs.

From what I read and tried in the last days this doesn't seem to be a code issue.
If someone else runs into issues with nginx and the cookie path you can use one of the following:
  • proxy_cookie_path /site "" ( because rewriting to / produces a path of "//" in the cookie )
  • setting in the site web.xml :
    <session-config>
      <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
        <path>/</path>
      </cookie-config>
      <tracking-mode>COOKIE</tracking-mode>
    </session-config>
  • setting sessionCookiePath in context.xml

!!! Using any of these will break everything running under /site, like /site/_cmsrest ( preview ) so do not use this for the node where you have your CMS instance.

Best regards,
Alex
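
The cookie-path behaviour worked through in this thread, as an added example that is not part of any poster's message or of Hippo's code: it applies the RFC 6265 path-match rule to the Path values quoted above and models the proxy's rewrite as a plain prefix replacement. The function names and the /landing request path are assumptions made for the illustration.

```python
# Added example: why the JSESSIONID cookie from this thread is or is not sent
# back, depending on how the proxy rewrites its Path attribute.

def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix only counts if it ends on a "/" boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookie_path(set_cookie: str) -> str:
    """Return the Path attribute of a Set-Cookie value (assumed to be present)."""
    for attr in set_cookie.split(";")[1:]:
        name, _, value = attr.strip().partition("=")
        if name.lower() == "path":
            return value
    raise ValueError("no Path attribute")

def rewrite_cookie_path(set_cookie: str, prefix: str, replacement: str) -> str:
    """Model of a string-form rewrite: replace a matching Path prefix."""
    out = []
    for attr in (a.strip() for a in set_cookie.split(";")):
        name, _, value = attr.partition("=")
        if name.lower() == "path" and value.startswith(prefix):
            attr = f"{name}={replacement}{value[len(prefix):]}"
        out.append(attr)
    return "; ".join(out)

def sent_on(set_cookie: str, request_path: str) -> bool:
    """Would a browser attach this cookie to a request for request_path?"""
    return path_matches(request_path, cookie_path(set_cookie))

# Header value as quoted in the thread (what the backend emits under /site).
BACKEND = "JSESSIONID=C85090049520653C843B4CD7D5ECF14F; Path=/site/; HttpOnly"

if __name__ == "__main__":
    cases = {
        "no rewrite": BACKEND,
        "/site -> /": rewrite_cookie_path(BACKEND, "/site", "/"),
        '/site -> ""': rewrite_cookie_path(BACKEND, "/site", ""),
        "/site/ -> /": rewrite_cookie_path(BACKEND, "/site/", "/"),
    }
    for label, header in cases.items():
        print(f"{label:12} {header}  sent on /landing: {sent_on(header, '/landing')}")
```
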