tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henri Gomez <>
Subject Re: mod_jk, JSESSION_ID and load-balancing
Date Tue, 25 Jun 2013 07:00:42 GMT
Hi Rainer.

> It seems Shiro recommend to extend

>From code review (I may be wrong), it seems Nexus is extending

> in order to add the needed suffix to a new id when creating a session
> cookie and to subtract it before forwarding the id to the shiro internals.
> Some of the things you need are already implemented in recent mod_jk:
> Strategy 1:
> You can let mod_jk know about using another cookie by setting the worker
> load balancer attribute "session_cookie" e.g. to "mycookie". You might
> also want to change session_path to something non-standard such that an
> occasional path encoding with the busted session id doesn't interfere
> with mod_jk.
> See "session_cookie" and "session_path" in

Yep, but Tomcat or HTTPd/mod_jk should set this cookie instead of
JSESSIONID isn't it ?

> Strategy 2:
> Directly set the route with Apache means into the Apache environment
> variable JK_ROUTE. See "JK_ROUTE" in
> The problem is how to set the cookie. You could do it using a servlet
> filter on the Tomcat side. Such a simple filter could be added to the
> webapp, without the need of changing the webapp sources. The filter is
> independent and would just be added to web.xml and the WEB-INF/lib.

Sadly I can't update Nexus installation or setup ;(

> Letting mod_jk itself set the cookie could be a nice addition, because
> it would be easy for it to do. It knows the correct route name, whether
> the cookie was already received with the request and whether a failover
> happened. Would be easy to add. The configuration would need to wire the
> "HttpOnly" and "Secure" flags for the cookie.

Yes and back to my initial question, about updating mod_jk so it could set
and reuse its own cookie instead of substring of JSESSIONID :)

HTTPd mod_proxy and mod_balancer did the same and it seems a smart

What do you think ?

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message