In v4.2.x, as part of security tightening, some fixes were done in the area of cookie handling. Unfortunately, these security fixes have the potential to break existing proxy rules/settings. If this is the case, then users will notice there will be no app cookies stored in the browser.
...
Step 1: Update the front end server (Apache) proxy setting as below. The example given below is for the Apache web serverwebserver.
Code Block | ||
---|---|---|
| ||
ProxyPass /<instance-name1>/ "ajp://<tomcat-ip-addr>:8009/<instance-name1>/" ProxyPassReverse /<instance-name1>/ "ajp://<tomcat-ip-addr>:8009/<instance-name1>/" ProxyPass /<instance-name2>/ "ajp://<tomcat-ip-addr>:8009/<instance-name2>/" ProxyPassReverse /<instance-name2>/ "ajp://<tomcat-ip-addr>:8009/<instance-name2>/" Example: ProxyPass /openspecimen-test/ "ajp://127.0.0.1:8009/openspecimen-test/" ProxyPassReverse /openspecimen-test/ "ajp://127.0.0.1:8009/openspecimen-test/" ProxyPass /openspecimen-prod/ "ajp://127.0.0.1:8009/openspecimen-prod/" ProxyPassReverse /openspecimen-prod/ "ajp://127.0.0.1:8009/openspecimen-prod/" |
Step 2: Restart the web server webserver (Apache).
Step 3: Change the "Application URL" in settings as below:
...
Way 2: When Tomcat is used as a front end server and Tomcat settings don't allow sending cookies to the server.
Step 1: Secure="True" does not allow the browser to store cookies. Change the Secure attribute value from "True" to "False".
Code Block | ||
---|---|---|
| ||
<Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000" Secure="True" redirectPort="8443" /> |
...