mod_auth_cas and cookies?
Josh Kelley
joshkel at gmail.com
Thu Aug 2 18:31:40 EDT 2007
I'm trying to use mod_auth_cas for authentication on a Apache reverse
proxy, and it seems to be preventing the proxy from correctly passing
cookies.
Example:
browser requests http://proxyserver/
proxy forwards to http://realserver/
realserver adds a Set-Cookie: realsessionid cookie in its reply
proxyserver passes Set-Cookie: realsessionid header back to browser
browser includes Cookie: realsessionid header in subsequent requests
Without mod_auth_cas enabled on proxyserver, everything works. With
mod_auth_cas enabled, even though the browser includes the
realsessionid cookie in subsequent requests (along with the
MOD_AUTH_CAS cookie), only the MOD_AUTH_CAS cookie is included in the
proxy's forwarded requests to the real server; the realsessionid
cookie is absent.
Any suggestions?
Josh Kelley
More information about the cas
mailing list