httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guernsey, Byron \(GE Consumer & Industrial\)" <BYRON.GUERN...@GE.COM>
Subject mod_rewrite Cookie Flag (max age/timeout and domain)
Date Fri, 21 May 2004 14:39:16 GMT
The CO/cookie flag in mod_rewrite is potentially a very powerful tool,
however as it stands now in 2.0.49, you cannot set session based cookies
(cookies which expire when the browser is closed) and you cannot set
cookies without specifying the domain.
I had both of these requirements while writing a replacement load
balancing rule set for mod_enhydra_Director since we use an older
version of the Enhydra server for some older applications that does not
support ajp13 and because there is no mod_enhydra_director available for
apache httpd 2.  For those unfamiliar, mod_enhydra_director is much like
mod_jk2, but for the Enhydra application server.  The Enhydra App server
was once open source and has since went to a closed source model.   We
are still using an older version of the open sourced app server.  The
newer versions of the app server support ajp13, but we have no interest
in upgrading as our direction is current moving towards Tomcat.  In the
meantime, we must continue to support a large number of enhydra
applications but wish to move from Apache httpd 1.3 to Apache httpd 2.0.
The set of scripts and rules I've written make this possible by load
balancing to the http port of the app server and maintaining session
In order to make these rules, I had to patch mod_rewrite to allow for
session based cookies.  Now with rewrite rules, 2 rewrite maps, and an
error handler document, I have created a configuration which allows for
session affinity using session cookies and failover using the error
handling document and the perl maps- along with the perl IPC::Cache to
keep a scoreboard for the sessions/workers.  Yes, I know- the amount of
work I've done implementing this could probably have been spent on an
apache module, but it started as an experiment and evolved into
something very functional and useful.  Performance tests show that it
performs very close to the enhydra director module. 
I submitted an early rendition of this patch for mod_rewrite to the
bugzilla database, but have seen no activity on it and have since
rewritten the patch.  Before the modification, it was impossible to make
the domain or timeout/maxage optional parameters while still specifying
others because of the strtok() and the way it refuses to treat 2 colons
as a null token.  The new patch I've written allows you to fill in a
"null" value in the colon separated parameter list in order to allow the
domain and timeout/age parameters to be optional.  If you specify null
for the timeout, then the cookie is a session based cookie.  It also
allows you to use null for the domain to not specify the domain, meaning
the cookie is active for the current domain.  The existing semantics for
the Cookie parameter continue to work as documented on the httpd 2.0
Forgive me if this isn't the correct place to discuss this.  I'm hoping
that the developers are already considering such a change to this cookie
feature because I know my patch is not the most elegant solution-
however, we have become dependant on this functionality in order to do
session affinity based load balancing.  I'd be more than happy to
participate in a discussion of this and contribute in any way possible. 
Byron Guernsey
Senior Software Architect
GE Consumer & Industrial Products

View raw message