Hi,
Sorry, haven't had time until just now, thanks for getting back to me.
I've tried Wireshark, and I've found something interesting.
When requesting the test iframe, the client always makes 3 requests, which I can follow from Chrome's developer console to the proxy log and to Wireshark respectively:
Requests go from port 54336 (Chrome) to 80 (Apache) and then to 9080 (Tomcat) and responses are interleaved as expected.
All requests from the client that get proxied to 9080 have the JSESSIONID cookie with the correct value.
However, I've identified an extra request that happens when I use the proxy. What's weird though, is that the requests doesn't originate on the client, I can't find it going to Apache, only to Tomcat.
It looks like it's an internal Orbeon request, but it still goes through the loopback interface: /fr/service/persistence/crud/orbeon/builder/form/form.xhtml
This request has a different JSESSIONID from the other ones, but I seem to have no control over it.
Also, the Orbeon logs differ in the two usecases, they reflect the extra request and the different session id.
Attached are the capture file for the proxied usecase and the logs for both proxied and direct usecases.
Any clue who might be making that request and why the JSESSIONID might be different?