Proxy URL Rewrite and Cookies

missionhq · 2021-09-15 00:28:04

I am configuring an MVC web application behind a reverse proxy that is performing URL Rewrite and am having problems with session checks and cookies.
My reverse proxy (I've tried HaProxy and Apache) is doing a URL Rewrite and removing the first part of the URL, so a URL on the WEB as...

https://MyWebAddress/server1/root/login

gets passed the the mORMot server at the backend after a URL rewrite as

http://backendserverIP/root/login

But then subsequent calls to

CurrentSession.CheckAndRetrieve(@lCookieData,TypeInfo(TCookieData));

are returning a session ID of 0 and CookieData is empty. I also checked the web client and there is no cookie stored in the browser.
If change the proxy so the external URL matches the internal one then all works OK.
I am guessing it is related to the URL mis-match but any suggestions on a solution?

ab · 2021-09-15 07:01:09

What is supported in TRestHttpServer.Request is

 cookie Path=/hostroot... -> /...

not the other way round.

Could you investigate what should be changed?

missionhq · 2021-09-16 04:26:29

Thanks for pointing me in the right direction AB

Set-Cookie in the header was being returned my mORMot with "Path=/root".
I'm now using HaProxys "http-response header replace value" ACL to modify this back to the requesters original path, so the final returned header has Set-Cookie with "Path=server1/root" (I think this is the correct way to do this - it's not mORMots job

All good - and no changes to the excellent mORMot

mORMot Open Source

#1 2021-09-15 00:28:04

Proxy URL Rewrite and Cookies

#2 2021-09-15 07:01:09

Re: Proxy URL Rewrite and Cookies

#3 2021-09-16 04:26:29

Re: Proxy URL Rewrite and Cookies

Board footer