#1 2021-09-15 00:28:04

missionhq
Member
From: Australia
Registered: 2019-06-11
Posts: 33

Proxy URL Rewrite and Cookies

I am configuring an MVC web application behind a reverse proxy that is performing URL Rewrite and am having problems with session checks and cookies.
My reverse proxy (I've tried HaProxy and Apache) is doing a URL Rewrite and removing the first part of the URL, so a URL on the WEB as...

https://MyWebAddress/server1/root/login

gets passed the the mORMot server at the backend after a URL rewrite as

http://backendserverIP/root/login

But then subsequent calls to

CurrentSession.CheckAndRetrieve(@lCookieData,TypeInfo(TCookieData));

are returning a session ID of 0 and CookieData is empty. I also checked the web client and there is no cookie stored in the browser.
If change the proxy so the external URL matches the internal one then all works OK.
I am guessing it is related to the URL mis-match but any suggestions on a solution?

Offline

#2 2021-09-15 07:01:09

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,655
Website

Re: Proxy URL Rewrite and Cookies

What is supported in TRestHttpServer.Request is

 cookie Path=/hostroot... -> /...  

not the other way round.

Could you investigate what should be changed?

Offline

#3 2021-09-16 04:26:29

missionhq
Member
From: Australia
Registered: 2019-06-11
Posts: 33

Re: Proxy URL Rewrite and Cookies

Thanks for pointing me in the right direction AB

Set-Cookie in the header was being returned my mORMot with "Path=/root".
I'm now using HaProxys "http-response header replace value" ACL to modify this back to the requesters original path, so the final returned header has Set-Cookie with "Path=server1/root" (I think this is the correct way to do this - it's not mORMots job smile

All good - and no changes to the excellent mORMot smile

Offline

Board footer

Powered by FluxBB