I have a Servlet + JSP app running on Tomcat. I use mod-ajp to redirect apache on Tomcat using these rewrite rules:
RewriteRule ^/myapp/(.+) ajp://localhost:8009/myapp/$1 [P]
RewriteRule /myapp/(.+) ajp://localhost:8009/myapp/$1 [P]
which works fine with sessions, however, when I use these rewrite rules instead:
RewriteRule ^/subdir1/subdir2/subdir3/myapp/(.+) ajp://localhost:8009/myapp/$1 [P]
RewriteRule /subdir1/subdir2/subdir3/myapp/(.+) ajp://localhost:8009/myapp/$1 [P]
HttpSession.getAttribute("nameOfMyAttribute") returns null. I looks like sessions are "binded" to some kind of home directory which is altered by rewriting rules. Is it possible to force sessions to ignore the subdirectory? Am I missing something there?
Tomcat will set the JSESSIONID cookie's path to be the path of your app. In your case the cookie's path would be /myapp. Web browsers will ignore this cookie on a URL like /subdir1 because it does not match the the cookie's path.
Here are some examples of altering the cookie's path to fix an issue like this: How to properly set JSESSIONID cookie path behind reverse proxy