My web app is running in Tomcat at http://localhost:8080/example.com/ but it is being reverse proxied from Apache that is serving up http://example.com/ on port 80. My web app looks at the request.getHeader("x-forwarded-host") header to know that it is behind a reverse proxy. When it detects this (dynamically) it builds URLs without the servlet path on them.
This works fine for everything except for the JSESSIONID cookie. It gets set with a path of /example.com instead of / when it is accessed through the reverse proxy. I can't figure out how I can have my code tell Tomcat to override the path for that cookie when there is a x-forwarded-host header on the request.
I've tried setting the JSESSIONID cookie from the web app myself, but that just results in two Set-Cookie headers, only one of which is correct.
Best Answer
Tomcat6 uses the Servlet 2.3 spec. It does not support changing the cookie path either through code or Tomcat configuration.
I got it to work from the Apache side with some
mod_proxydirectives. TheProxyPassReverseCookiePathdirective does exactly what I want. It takes the cookie from Tomcat with the incorrect path and rewrites it to the correct path.