https://issues.apache.org/bugzilla/show_bug.cgi?id=55734
--- Comment #5 from Mark Thomas <ma...@apache.org> --- The Manager app is certainly not a model application in many respects but it does get the handling of the context path right. Consider session cookies. The application is required to set the cookie path. That is set to the context path. If a proxy changes the the context path neither the application nor the container has any visibility that the path has changed. However for correct, secure operation the session cookie path needs to be changed to match the context path set in the proxy. The only component with the knowledge that the session cookie path needs to be changed and the knowledge of what it needs to be changed to is the proxy. The proxy changes the path and it has to take responsibility for the knock-on effects of that. 302 redirects are another example. The location header is required to be an absolute URI. Again, the proxy is the only place with the knowledge that this needs to be changed and what it should be changed to. Various popular libraries also set custom http headers that include absolute URIs. These too need to be changed. Again, the proxy is the only place that this can be done. Applications should be (and it is treated as a bug if any of the Tomcat provided apps are not) agnostic to the context path they are deployed to in the container. Applications can not be agnostic to changes in the context path introduced by a proxy. Cookie paths and location headers for 302 redirects to are some of the many things that make this impossible. Changing the context path in the proxy is rarely trivial. The more complex the application, the more complex the process of ensuring that it works correctly. By far the simplest approach is to change the context path in the container to match the path used by the proxy. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
