WordPress behind reverse proxy: Session-cookies not set in Safari & IE

I have a WordPress blog running behind a reverse proxy (Apache).

httpd.vhosts.conf:

Read More
<VirtualHost  *:80>
    ServerName blog.domain.com:80
    ServerAlias www.blog.domain.com
    ProxyPass / http://192.168.101.11/blog/
    ProxyPassReverse / http://192.168.101.11/blog/
</VirtualHost>

The blog works fine, I can log in as admin, but when try to save settings or delete a plugin (and a wp_redirect occurs) I am redirected to the login page, because wordpress obviously doesn’t find/accept the session cookie, and the action doesn’t get completed.

Therefore, I have added this line:

    ProxyPassReverseCookiePath / http://192.168.101.11/blog/

(see Apache proxy cookies works only with the first app)

This seemed to solve the problem. However, I have noticed now, that with this setting, the login does not work at all, but only in Safari and IE (works just fine in Opera, Firefox, Chrome). I just get redirected to the login page again.

Some additional information:

  • The session cookies and wordpress_test_cookie for the admin section are not created at all in Safari, only the ones like "__uc*" etc. (for the blog itself). Without the ProxyPassReverseCookiePath-entry, they are created.
  • I activated cookies for third-party-sites (in both browsers), this didn’t solve the problem.
  • I’ve configured WP-cookies this way:

wp-config.php

define('COOKIE_DOMAIN', '.blog.domain.com');
define('COOKIEPATH', '/');
define('SITECOOKIEPATH', '/');
define('ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'wp-admin' );

Related posts

Leave a Reply

2 comments

  1. Solved it:

    I made a slight mistake in the cookie path configuration. It has to be:

    ProxyPassReverseCookiePath http://192.168.101.11/blog http://blog.domain.com
    
  2. ProxyPassReverseCookiePath performs a transformation of the path attribute of cookies. This attribute contains only a path, so passing a full URL to the directive will not work. I’m not sure why it didn’t work for you without the ProxyPassReverseCookiePath directive, but I assume that WordPress did not respect the COOKIEPATH that you set.

    The correct configuration would be:

    ProxyPassReverseCookiePath /blog/ /
    ProxyPassReverseCookieDomain 192.168.101.11 .blog.domain.com
    

    This will transform both the path and the domain of your cookies, and thus makes the settings you made in wp-config.php obsolete.