Tuckey Proxy Rewrites Dropping the User Session

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Tuckey Proxy Rewrites Dropping the User Session

Ryan Simmons
We are running into a session bug having to do with Tuckey URL Rewrites (via proxy). We are running a 3.6.2 site.

We have Tuckey rewriting URLs that looks like this: www.website.com/products?region=US&lang=1 to look like this: www.website.com/us/en/products. We are handling this via a proxy rewrite in Tuckey. So far, so good. All pages display the right content for the right region in the right language.

We are authenticating users against a third-party legacy data service, using a DotCMS user session. This works correctly as well.

But if a user attempts to access a Tuckey-rewritten URL, their session seems to magically disappear. If we manually remove the tuckey-additions from the URL, the session magically comes back and they are logged in once again.

Digging into this yesterday, we figured out that the IP address attached to a user session on a normal URL is different from the IP address attached to a session when using a Tuckey URL. It looks like Tuckey proxying is grabbing either the local IP address or the IP address of a CDN server between the user and the DotCMS server.

So, here's the question...

What can we do to preserve the user session and our SEO-friendly URLs? Is this something we can change in the Tuckey plugin, or something we can change with Apache settings? Is there something we can do in DotCMS itself?

Ryan

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/b594795f-36ee-4114-ab77-e0e2fa11fb3f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Tuckey Proxy Rewrites Dropping the User Session

Jason Tesser-2
try adding this to the <to ..> of the proxy 
drop-cookies="false"
so 
<to .. drop-cookies="false" ...>

I am assuming from what you said that the to is using type="proxy"

On Fri, Aug 25, 2017 at 11:31 AM Ryan Simmons <[hidden email]> wrote:
We are running into a session bug having to do with Tuckey URL Rewrites (via proxy). We are running a 3.6.2 site.

We have Tuckey rewriting URLs that looks like this: www.website.com/products?region=US&lang=1 to look like this: www.website.com/us/en/products. We are handling this via a proxy rewrite in Tuckey. So far, so good. All pages display the right content for the right region in the right language.

We are authenticating users against a third-party legacy data service, using a DotCMS user session. This works correctly as well.

But if a user attempts to access a Tuckey-rewritten URL, their session seems to magically disappear. If we manually remove the tuckey-additions from the URL, the session magically comes back and they are logged in once again.

Digging into this yesterday, we figured out that the IP address attached to a user session on a normal URL is different from the IP address attached to a session when using a Tuckey URL. It looks like Tuckey proxying is grabbing either the local IP address or the IP address of a CDN server between the user and the DotCMS server.

So, here's the question...

What can we do to preserve the user session and our SEO-friendly URLs? Is this something we can change in the Tuckey plugin, or something we can change with Apache settings? Is there something we can do in DotCMS itself?

Ryan

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/b594795f-36ee-4114-ab77-e0e2fa11fb3f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CALDe1GOO2AzEk2_3ojTAOZUXpVO4WxFEjPoUYsp2vNYg6PhoCg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Tuckey Proxy Rewrites Dropping the User Session

Ryan Simmons
Thanks! Would this be done in our Tuckey plugin? Or in a config file?

On Friday, August 25, 2017 at 12:10:47 PM UTC-4, LORDs_diakonos wrote:
try adding this to the <to ..> of the proxy 
drop-cookies="false"
so 
<to .. drop-cookies="false" ...>

I am assuming from what you said that the to is using type="proxy"

On Fri, Aug 25, 2017 at 11:31 AM Ryan Simmons <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="fCPokDjzDQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">greatam...@...> wrote:
We are running into a session bug having to do with Tuckey URL Rewrites (via proxy). We are running a 3.6.2 site.

We have Tuckey rewriting URLs that looks like this: <a href="http://www.website.com/products?region=US&amp;lang=1" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.website.com%2Fproducts%3Fregion%3DUS%26lang%3D1\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHHZmILmYHS_IqJ00D_Gr9PdMBgDA&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.website.com%2Fproducts%3Fregion%3DUS%26lang%3D1\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHHZmILmYHS_IqJ00D_Gr9PdMBgDA&#39;;return true;">www.website.com/products?region=US&lang=1 to look like this: <a href="http://www.website.com/us/en/products" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.website.com%2Fus%2Fen%2Fproducts\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEyxalqazHPunV1acjKaNubXHX0LQ&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.website.com%2Fus%2Fen%2Fproducts\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEyxalqazHPunV1acjKaNubXHX0LQ&#39;;return true;">www.website.com/us/en/products. We are handling this via a proxy rewrite in Tuckey. So far, so good. All pages display the right content for the right region in the right language.

We are authenticating users against a third-party legacy data service, using a DotCMS user session. This works correctly as well.

But if a user attempts to access a Tuckey-rewritten URL, their session seems to magically disappear. If we manually remove the tuckey-additions from the URL, the session magically comes back and they are logged in once again.

Digging into this yesterday, we figured out that the IP address attached to a user session on a normal URL is different from the IP address attached to a session when using a Tuckey URL. It looks like Tuckey proxying is grabbing either the local IP address or the IP address of a CDN server between the user and the DotCMS server.

So, here's the question...

What can we do to preserve the user session and our SEO-friendly URLs? Is this something we can change in the Tuckey plugin, or something we can change with Apache settings? Is there something we can do in DotCMS itself?

Ryan

--
<a href="http://dotcms.com" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fdotcms.com\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGFT4ej1MQxQ2vu3iAUqYQgS59efw&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fdotcms.com\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGFT4ej1MQxQ2vu3iAUqYQgS59efw&#39;;return true;">http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="fCPokDjzDQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">dotcms+un...@googlegroups.com.
To post to this group, send email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="fCPokDjzDQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">dot...@....
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/dotcms/b594795f-36ee-4114-ab77-e0e2fa11fb3f%40googlegroups.com?utm_medium=email&amp;utm_source=footer" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/msgid/dotcms/b594795f-36ee-4114-ab77-e0e2fa11fb3f%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/msgid/dotcms/b594795f-36ee-4114-ab77-e0e2fa11fb3f%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;">https://groups.google.com/d/msgid/dotcms/b594795f-36ee-4114-ab77-e0e2fa11fb3f%40googlegroups.com.
For more options, visit <a href="https://groups.google.com/d/optout" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;">https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/419a0e43-b63e-4780-9e58-c685fb55ec92%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Tuckey Proxy Rewrites Dropping the User Session

ryan_ethode
In reply to this post by Jason Tesser-2
Thanks LORDs_diakonos, there a way to do this in an OSGI plugin, rather than in a static plugin?

On Friday, August 25, 2017 at 12:10:47 PM UTC-4, LORDs_diakonos wrote:
try adding this to the <to ..> of the proxy 
drop-cookies="false"
so 
<to .. drop-cookies="false" ...>

I am assuming from what you said that the to is using type="proxy"

On Fri, Aug 25, 2017 at 11:31 AM Ryan Simmons <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="fCPokDjzDQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">greatam...@...> wrote:
We are running into a session bug having to do with Tuckey URL Rewrites (via proxy). We are running a 3.6.2 site.

We have Tuckey rewriting URLs that looks like this: <a href="http://www.website.com/products?region=US&amp;lang=1" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.website.com%2Fproducts%3Fregion%3DUS%26lang%3D1\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHHZmILmYHS_IqJ00D_Gr9PdMBgDA&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.website.com%2Fproducts%3Fregion%3DUS%26lang%3D1\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHHZmILmYHS_IqJ00D_Gr9PdMBgDA&#39;;return true;">www.website.com/products?region=US&lang=1 to look like this: <a href="http://www.website.com/us/en/products" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.website.com%2Fus%2Fen%2Fproducts\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEyxalqazHPunV1acjKaNubXHX0LQ&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.website.com%2Fus%2Fen%2Fproducts\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEyxalqazHPunV1acjKaNubXHX0LQ&#39;;return true;">www.website.com/us/en/products. We are handling this via a proxy rewrite in Tuckey. So far, so good. All pages display the right content for the right region in the right language.

We are authenticating users against a third-party legacy data service, using a DotCMS user session. This works correctly as well.

But if a user attempts to access a Tuckey-rewritten URL, their session seems to magically disappear. If we manually remove the tuckey-additions from the URL, the session magically comes back and they are logged in once again.

Digging into this yesterday, we figured out that the IP address attached to a user session on a normal URL is different from the IP address attached to a session when using a Tuckey URL. It looks like Tuckey proxying is grabbing either the local IP address or the IP address of a CDN server between the user and the DotCMS server.

So, here's the question...

What can we do to preserve the user session and our SEO-friendly URLs? Is this something we can change in the Tuckey plugin, or something we can change with Apache settings? Is there something we can do in DotCMS itself?

Ryan

--
<a href="http://dotcms.com" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fdotcms.com\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGFT4ej1MQxQ2vu3iAUqYQgS59efw&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fdotcms.com\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGFT4ej1MQxQ2vu3iAUqYQgS59efw&#39;;return true;">http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="fCPokDjzDQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">dotcms+un...@googlegroups.com.
To post to this group, send email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="fCPokDjzDQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">dot...@....
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/dotcms/b594795f-36ee-4114-ab77-e0e2fa11fb3f%40googlegroups.com?utm_medium=email&amp;utm_source=footer" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/msgid/dotcms/b594795f-36ee-4114-ab77-e0e2fa11fb3f%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/msgid/dotcms/b594795f-36ee-4114-ab77-e0e2fa11fb3f%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;">https://groups.google.com/d/msgid/dotcms/b594795f-36ee-4114-ab77-e0e2fa11fb3f%40googlegroups.com.
For more options, visit <a href="https://groups.google.com/d/optout" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;">https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/4e11bc6d-8296-4c60-990a-9420cbdb48f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Tuckey Proxy Rewrites Dropping the User Session

Jason Tesser-2
In reply to this post by Ryan Simmons
wherever you create the rule

it is part of the rule 

On Mon, Aug 28, 2017 at 2:25 PM Ryan Simmons <[hidden email]> wrote:
Thanks! Would this be done in our Tuckey plugin? Or in a config file?


On Friday, August 25, 2017 at 12:10:47 PM UTC-4, LORDs_diakonos wrote:
try adding this to the <to ..> of the proxy 
drop-cookies="false"
so 
<to .. drop-cookies="false" ...>

I am assuming from what you said that the to is using type="proxy"

On Fri, Aug 25, 2017 at 11:31 AM Ryan Simmons <[hidden email]> wrote:
We are running into a session bug having to do with Tuckey URL Rewrites (via proxy). We are running a 3.6.2 site.

We have Tuckey rewriting URLs that looks like this: www.website.com/products?region=US&lang=1 to look like this: www.website.com/us/en/products. We are handling this via a proxy rewrite in Tuckey. So far, so good. All pages display the right content for the right region in the right language.

We are authenticating users against a third-party legacy data service, using a DotCMS user session. This works correctly as well.

But if a user attempts to access a Tuckey-rewritten URL, their session seems to magically disappear. If we manually remove the tuckey-additions from the URL, the session magically comes back and they are logged in once again.

Digging into this yesterday, we figured out that the IP address attached to a user session on a normal URL is different from the IP address attached to a session when using a Tuckey URL. It looks like Tuckey proxying is grabbing either the local IP address or the IP address of a CDN server between the user and the DotCMS server.

So, here's the question...

What can we do to preserve the user session and our SEO-friendly URLs? Is this something we can change in the Tuckey plugin, or something we can change with Apache settings? Is there something we can do in DotCMS itself?

Ryan

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/419a0e43-b63e-4780-9e58-c685fb55ec92%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CALDe1GMLwWmn2xc-WGFskPBXG_WzXTUtwTQfW5dbX_cJE4jg6Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.