Hello,
Having a new problem that I think a directive in Pound can fix... I just
don't speak HTTP very well.
Pound is running two instances on Port 80 & 443
When folks log in to secure/443 site, a user cookie is set, and Pound
will handle session management by keeping that user on the same backend
box for 20 min (1200 sec).
We use WebSphere for the BackEnd, and went from 5.1.1 to 6.0 when this
problem appeared.
So requests come into our environment on 443, Pound takes them, decodes
the SSL, and passes the request to one of the BackEnd servers on port
80... The BackEnd servers ask for log in info, and set a cookie called
user, so that Pound keeps them on the same server. The cookie is set,
but Pound can't keep them on the same server.
In testing, when presented with a new server, we can log on to each
BackEnd Server and the WebSphere box keeps us logged in to each. Pretty
soon we're logged into all of them for every third or fourth request.
So the cookie is set, the browser has it correctly (almost), and the
BackEnd WS boxes keep the user logged in to each backend system...
but Pound seems to ignore it.
So then I use Mozilla's cookie management tool, and notice that the
cookie user is NOT set as a secure cookie.
Our non-secure site of this domain is a marketing site, having nothing
to do with this transaction. So I think our WS app, because it thinks
it's a port 80 machine, is sending out cookies for our port 80 marketing
site instead of our port 443 web app.
How do I add/translate the header information for these cookies to
reflect this 443 vs. 80 problem? Is there a directive? How do I
make Pound modify WebSphere's outgoing cookie sets to be secure/443 when it
thinks it's a non-secure 80 server?
Thanks,
-Jon Cyr
cyrj(at)cyr.info
Pound's been very good to us for a few years, and I wear too many hats
to know this HTTP protocol stuff very well,
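
The symptom described above (a backend on port 80 setting a `user` cookie that reaches the browser over 443 without the Secure attribute) can be checked directly from the response headers. This is an added example, not part of the original message and not a Pound directive; the header values are constructed samples, and the function names are hypothetical.

```python
# Added example: audit and repair Set-Cookie headers behind a TLS-terminating proxy.
# All header values below are constructed samples, not captured traffic.

def cookie_attrs(set_cookie):
    """Split one Set-Cookie value into (name, value, {attribute_lowercase: value_or_None})."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        if not p:
            continue
        key, sep, val = p.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else None
    return name.strip(), value, attrs


def missing_secure(headers):
    """Return the names of cookies set without the Secure attribute."""
    names = []
    for header, value in headers:
        if header.lower() == "set-cookie":
            name, _, attrs = cookie_attrs(value)
            # Look only at attributes, so a cookie *value* of "secure" does not count.
            if "secure" not in attrs:
                names.append(name)
    return names


def add_secure(headers):
    """Return a copy of headers with '; Secure' appended to each Set-Cookie lacking it."""
    fixed = []
    for header, value in headers:
        if header.lower() == "set-cookie" and "secure" not in cookie_attrs(value)[2]:
            value = value.rstrip().rstrip(";") + "; Secure"
        fixed.append((header, value))
    return fixed


# Constructed sample: what a backend that believes it serves plain HTTP might emit.
BACKEND_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "user=abc123; Path=/"),
    ("Set-Cookie", "JSESSIONID=0000xyz; Path=/; Secure"),
]

if __name__ == "__main__":
    print("cookies without Secure:", missing_secure(BACKEND_RESPONSE))
    for header, value in add_secure(BACKEND_RESPONSE):
        print(f"{header}: {value}")
```
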