tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anthony Vromant <>
Subject Re: Smooth applications migration in a J2EE cluster [mod_jk]
Date Mon, 08 Jan 2007 12:37:13 GMT
Hi Rainer,

As we discussed recently, using a Tomcat Valve or a Filter to detect 
invalidated session could be a good approach.
Can I have your feeling about such a Tomcat filter :

If session is invalid (or new)
   - Set sendRedirect attribute of HtppResponse at the same value of 
current HttpRequest path
   - Invalidating the cookie
   - Send Response

This filter would have to be active on disabled workers.
So when the request is (re)send by browser, mod_jk doesn't detect any 
session informations and route the request to an active worker (so new 
application version).
In this way, it will be transparent for the users.

Best wishes,

Source code exemple :
if (started && session.isNew()) {
            // invalidating the jsessionid cookie
            // set a new session cookie
            Cookie newCookie = new Cookie("JSESSIONID", "");
            String contextPath = ((HttpServletRequest) request)
            if ((contextPath != null) && (contextPath.length() > 0)) {
            } else {
            if (request.isSecure()) {
            ((HttpServletResponse) response).addCookie(newCookie);
            // set sendRedirect response
            ((HttpServletResponse) response)
                    .sendRedirect(((HttpServletRequest) request)
                            + ((HttpServletRequest) 

Rainer Jung wrote:
> Hi Anthony,
> Anthony Vromant schrieb:
>> Here is the explanation about the session validity checking :
>> This test aims to have users with expired sessions and URL encoded
>> bookmarks
>> (or long running browsers with cookies cached) redirected to a node
>> hosting the new version of the application.
>> If this test is not done during the update, these users will start a new
>> session on a
>> node hosting the old version of application (and so, perhaps just before
>> the stop of these node).
>> Do you agree with this ?
> Ah OK, yes I agree. You could use a filter (or Valve) to redirect
> requests with an invalid session to the login page without URL encoding
> and invalidating the cookie. That way you would destroy the invalid
> binding to this node.
> If we would try to do that with mod_jk directly, mod_jk would need to
> have a shadow copy of the session list, something which doesn't sound
> right. OK, mod_jk could ask tomcat about the session, but we can also
> simply forward and let the node delete the binding.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message