tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Blumenthal" <>
Subject RE: AOL
Date Tue, 10 Oct 2006 15:51:04 GMT

> How does the lb decide where you go for all requests after 
> the first one? Typically, the session id is sniffed from the 
> URL or cookie and the lb maintains a table of mappings that 
> expires after some time.

Our two choices are evidently "IP-based" and "cookie-based".  Currently,
we're using "IP-based", so every IP address is treated as a separate
request.  I'm looking into making it cookie-based, and making cookies a
requirement for the site (currently, we only use cookies to store a couple
of simple preferences).  Any idea how many people have cookies turned off?

> One option is session sharing (or clustered sessions?). I 
> have forgotten what they are called but basically all the 
> servers share session data, so it doesn't matter which server 
> you eventually go to. If you don't have a lot of data going 
> into the session, I would imagine that it isn't too chatty on 
> the backend.
> When consulting for [a large robber baron in the SSL cert 
> racket], their setup was to actually divert all of their AOL 
> customers away from the main cluster and onto a separate 
> machine. I think it was a single-box setup for the AOLers, 
> based upon the actual load that AOLers represented.

I actually considered that, although it seems a bit of an extreme solution.

Incidentally, who creates the sessionID?  Is it Tomcat? Apache? The browser?
Maybe if I could make sure it only authenticates the sessionID against the
first three numbers in the IP address...


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message