Topic: Apache Reverse Proxy and Cookies

[matsch25]

Hi,

I have configured Apache as a reverse proxy to make my internal domain mydomain.loc accessible from the Internet via mydomain.com.
My internal servers use cookies to enable a single sign-on for domain mydomain.loc, which works fine. The cookies provided are valid for the whole domain, not only the server.
So, if I point my browser to server1.mydomain.loc with cookie warnings enabled, I see a cookie that is valid for mydomain.loc.

In httpd.conf, I have enabled "ProxyPassReverseCookieDomain" and "ProxyPreserveHost".

I can access all my local servers via reverse proxy, e.g. server1.mydomain.loc is accessible via server1.mydomain.com. Fine.

The only issue I still face is the rewriting of the authentication cookies. I get the same cookie (with domain changed to mydomain.com), but the reverse proxy changes the scope of these cookies from domain to server.

So, if I point my browser to server1.mydomain.com, I get the correct cookie but, it is now only valid for server server1.mydomain.com, not for mydomain.com.

This breaks my single sign-on.

So, my question: Is there any way to preserve the initial domain scope in the cookies and only change the domain via reverse proxy? What I would like to accomplish is getting a domain cookie that is valid for mydomain.com instead of getting cookies that are only valid for a specific server.

Any help is highly appreciated!
Thx a lot!
MatSch

[James Blond]

You add more than one domain.

from the docs:
ProxyPassReverseCookieDomain internal-domain public-domain [interpolate]

ProxyPassReverseCookieDomain internal-domain public-domain second-public-domain third-public-domain n-public-domain