Hi everyone, I'm having trouble setting up Xwiki behind my Reverse Proxy. As a reverse proxy I have to use IIS. With ARR and URL Rewrite. The rewrite rules are on the default web site and rwrite to http://localhost:port/xwiki (this will later be changed to https) Now if I log into my Xwki with a user or an admin, if I click on any link the account isn't logged in anymore. I don't have this problem with several other applications (for instance YouTrack or Nexus), nor does it occur if I bypass the proxy. Any ideas would be welcomed.

Have a nice day, Jack -- View this message in context: http://xwiki.475771.n2.nabble.com/User-Session-not-sticky-behind-IIS8-Rever… Sent from the XWiki- Users mailing list archive at Nabble.com. _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users

#--------------------------------------- # Authentication and authorization # #-# Enable to allow superadmin. It is disabled by default as this could be a #-# security breach if it were set and you forgot about it. Should only be enabled #-# for recovering the Wiki when the rights are completely messed. xwiki.superadminpassword=system #-# Authentication type. You can use 'basic' to always use basic authentication. # xwiki.authentication=form #-# Indicate if the authentication has do be done for each request #-# 0: the default value, authentication is done only once by session. #-# 1: the authentication is done for each request. # xwiki.authentication.always=0 #-# Cookie encryption keys. You SHOULD replace these values with any random string, #-# as long as the length is the same. xwiki.authentication.validationKey=totototototototototototototototo xwiki.authentication.encryptionKey=titititititititititititititititi #-# Comma separated list of domains for which authentication cookies are set. This #-# concerns mostly wiki farms. The exact meaning is that when a user logs in, if #-# the current domain name corresponding to the wiki ends with one of the entries #-# in this parameter, then the cookie is set for the larger domain. Otherwise, it #-# is set for the exact domain name of the wiki. #-# #-# For example, suppose the cookiedomains is set to "mydomain.net". If I log in #-# on wiki1.xwiki.com, then the cookie will be set for the entire mydomain.net #-# domain, and if I visit wiki2.xwiki.com I will still be authenticated. If I log #-# in on wiki1.otherdomain.net, then I will only be authenticated on #-# wiki1.otherdomain.net, and not on wiki2.otherdomain.net. #-# #-# So you need this parameter set only for global authentication in a #-# farm, there's no need to specify your domain name otherwise. #-# #-# Example: xwiki.authentication.cookiedomains=xwiki.org,myxwiki.org xwiki.authentication.cookiedomains=