From 4b19038c91bcc2d6fec582c6d8ef9b8655e3c796 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Fri, 7 Nov 2025 21:14:37 +0000
Subject: [PATCH 1/3] Fix: Correct proxy mapping to prevent session termination

The `contains` mapping type was truncating the request path for AJAX calls, leading to session errors. This change switches to the `prefix` mapping type to ensure the full path is forwarded to the backend.
---
 apex/WEB-INF/web.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apex/WEB-INF/web.xml b/apex/WEB-INF/web.xml
index a772458..2f925ec 100644
--- a/apex/WEB-INF/web.xml
+++ b/apex/WEB-INF/web.xml
@@ -32,15 +32,15 @@
     </init-param>
     <init-param>
         <param-name>mapping.3.type</param-name>
-        <param-value>contains</param-value>
+        <param-value>prefix</param-value>
     </init-param>
     <init-param>
         <param-name>mapping.3.path</param-name>
-        <param-value>apex/wwv_flow.ajax?</param-value>
+        <param-value>/apex/wwv_flow.ajax</param-value>
     </init-param>
     <init-param>
         <param-name>mapping.3.url</param-name>
-        <param-value>${baseUrl}/apex/wwv_flow.ajax?</param-value>
+        <param-value>${baseUrl}/apex/wwv_flow.ajax</param-value>
     </init-param>
     <init-param>
         <param-name>mapping.4.type</param-name>

From e570647b49bfc577e8e53e518803ef8107f21ab1 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Fri, 7 Nov 2025 21:27:36 +0000
Subject: [PATCH 2/3] Fix: Handle redirects to prevent session termination

The servlet was not rewriting the `Location` header in redirect responses from the backend, causing the client's browser to bypass the proxy and terminate the session. This change adds logic to detect redirect responses and rewrite the `Location` header to point back to the proxy server, ensuring session continuity.
---
 SimpleProxyServlet.java | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/SimpleProxyServlet.java b/SimpleProxyServlet.java
index 6dae354..c820c84 100644
--- a/SimpleProxyServlet.java
+++ b/SimpleProxyServlet.java
@@ -122,12 +122,28 @@ protected void service(HttpServletRequest req, HttpServletResponse resp) throws
 		resp.setStatus(responseCode);
 
 		// Forward response headers (excluding Transfer-Encoding)
+		String backendBaseUrl = getServletConfig().getInitParameter("baseUrl");
 		Map<String, List<String>> responseHeaders = conn.getHeaderFields();
 		for (Map.Entry<String, List<String>> entry : responseHeaders.entrySet()) {
 			String headerName = entry.getKey();
 			if (headerName != null && !headerName.equalsIgnoreCase("Transfer-Encoding")) {
-				for (String value : entry.getValue()) {
-					resp.addHeader(headerName, value);
+				if (headerName.equalsIgnoreCase("Location") && (responseCode == 301 || responseCode == 302 || responseCode == 303 || responseCode == 307 || responseCode == 308)) {
+                    String location = entry.getValue().get(0);
+                    if (location.startsWith(backendBaseUrl)) {
+						String proxyBaseUrl = req.getScheme() + "://" + req.getServerName();
+						if (req.getServerPort() != 80 && req.getServerPort() != 443) {
+							proxyBaseUrl += ":" + req.getServerPort();
+						}
+						proxyBaseUrl += req.getContextPath();
+                        String newLocation = location.replace(backendBaseUrl, proxyBaseUrl);
+                        resp.addHeader(headerName, newLocation);
+                    } else {
+                        resp.addHeader(headerName, location);
+                    }
+                } else {
+					for (String value : entry.getValue()) {
+						resp.addHeader(headerName, value);
+					}
 				}
 			}
 		}

From 2565451d0243733272a113e5e78097f1ed9c552f Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Fri, 7 Nov 2025 21:41:46 +0000
Subject: [PATCH 3/3] Fix: Comprehensive fix for session timeouts

This commit addresses two interacting bugs that caused session timeouts:

1.  **Path Matching in Non-Root Contexts:** The servlet now correctly strips the application's context path from the request URI before matching it against URL mappings. This ensures correct behavior when the proxy is deployed in a non-root context.

2.  **Cookie Handling During Redirects:** The servlet now strips the `Domain` attribute from `Set-Cookie` headers during redirects. This prevents the browser from sending session cookies to the wrong domain, which was causing immediate session timeouts.
---
 SimpleProxyServlet.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/SimpleProxyServlet.java b/SimpleProxyServlet.java
index c820c84..88ca442 100644
--- a/SimpleProxyServlet.java
+++ b/SimpleProxyServlet.java
@@ -49,7 +49,7 @@ public void init() throws ServletException {
 
     @Override
     protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-        String requestUri = req.getRequestURI();
+        String requestUri = req.getRequestURI().substring(req.getContextPath().length());
         String queryString = req.getQueryString();
         String fullRequestUrl = requestUri + (queryString != null ? "?" + queryString : "");
 
@@ -140,6 +140,11 @@ protected void service(HttpServletRequest req, HttpServletResponse resp) throws
                     } else {
                         resp.addHeader(headerName, location);
                     }
+                } else if (headerName.equalsIgnoreCase("Set-Cookie")) {
+                    for (String cookie : entry.getValue()) {
+                        String newCookie = cookie.replaceAll("(?i);\\s*Domain=[^;]*", "");
+                        resp.addHeader(headerName, newCookie);
+                    }
                 } else {
 					for (String value : entry.getValue()) {
 						resp.addHeader(headerName, value);