below is my httpd.conf configuration. I have tomcat server as backend server and I am using apache webserver as proxy to my tomcat server.
Below configuration is working fine for all the web pages where session is not required.
When investigated further, I had observed JSESSIONID is changing on every web request meaning, that ID is not getting persisted when request and response are going via Apache http server.
Please note that, when I tried to expose tomcat server directly to web JSESSIONID is persistent and is working as expected. However as security requirement, we need to use tomcat server as backend internal server only.
So I am not sure why apache http server is not liking to handle JSESSIONID properly. Request your help on the same and guide me what I am missing in my configuration.
Note: We don't need any load balancer setup so I am not considering mod_proxy_balancer module at this moment.
<VirtualHost *:443>
ServerName www.external.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
AddOutputFilterByType SUBSTITUTE text/html
ProxyPreserveHost off
ProxyPass / http://localhost:8080/internal/
ProxyPassReverse / http://localhost:8080/internal/
Substitute "s|http://localhost:8080/internal|https://www.external.com|i"
SSLProtocol all
SSLEngine on
SSLCertificateFile C:/keys/site/external_cert.cer
SSLCertificateKeyFile C:/keys/site/www_internal_private.p12.pri.pem
SSLCertificateChainFile C:/keys/site/Intermediate_CA.cer
</VirtualHost>
Apache web server is Apache 2.4 and tomcat engine is Tomcat 8.5
Follow serverfault answer by adding Set-Cookie Header:
In the end I just had to add the following line to my VirtualHost configuration, which changes all cookie paths from /WEBAPP_NAME to / (root):
Header edit Set-Cookie "^(.*; Path=)/WEBAPP_NAME/?(.*)" $1/$2