Session Invalid when using AJP

Question

I have the following setup: Apache running the front end (AngularJS)
Tomcat 7 Running back end (Spring MVC, Spring Security)

Apache Config

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

LoadModule proxy_module libexec/apache2/mod_proxy.so
LoadModule proxy_ajp_module libexec/apache2/mod_proxy_ajp.so

ProxyRequests     off
ProxyPreserveHost on

ProxyPass         /api/  ajp://132.230.166.21:8009/OntoRais/api/
ProxyPassReverse  /api/  ajp://132.230.166.21:8009/OntoRais/api/

Alias /rais &quot;/home/bwright/Repositories/ontology-toolchain/WebClient&quot;
&lt;Directory &quot;/home/bwright/Repositories/ontology-toolchain/WebClient&quot;&gt;
    Order allow,deny
    Allow from all
    Require all granted
&lt;/Directory

</VirtualHost>

As one can see I pass all api calls to the tomcat server using the ajp protocol.

Tomcat Config (Server.xml)

Nothing changed from clean install apart from:

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"  enableLookups="false"/>

Now when I try to access a tomcat resource via the front end I get 403

HTTP Status 403 - Full authentication is required to access this resource accessing /OntoRais/api/user

In the tomcat server log I get

13:25:10.034 [ajp-bio-8009-exec-7] DEBUG o.s.s.w.s.SessionManagementFilter - Requested session ID ED0779DC647DEE3C58DEA7059C260594 is invalid. 

When accessing the same resource via the bowser directly to the tomcat server http://localhost:8080/OntoRais/api/user everything works fine.

Edit

To clarify, 132.230.166.21 is the same machine as localhost. I changed the configuration to say localhost without any change.

Hope someone here can help me out with this thanks Benedict

Answer 1

The Problem was with setting the SESSIONID after adding

ProxyPassReverseCookiePath /OntoRais /

to the apache settings, all worked.