tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: Is it possible to expire jvmRoute cookie
Date Sun, 09 Dec 2012 21:20:00 GMT
2012/12/7 Christopher Schultz <>:
> On 12/7/12 4:16 AM, André Warnier wrote:
>> Williams, Nick wrote:
>>>> -----Original Message----- From: Christopher Schultz
>>> (...)
>>> Earlier somebody (I'm sorry, I already deleted the email)
>>> suggested Tomcat returning a 308 or 309 or similar to the load
>>> balancer to trigger a "re-balance" if the session is expired. I
>>> think this is the best idea I've heard yet, solves the problem
>>> elegantly and simply, and seems (relatively) easy to achieve
>>> (this coming from someone who has no knowledge of the code used
>>> by mod_jk/isapi_redirector).
>> I must admit that this sounds more elegant (and efficient) than my
>> suggested interceptor module.
>> Alternatively, if one wanted to avoid touching mod_jk for this,
>> maybe tomcat could return a 302 redirect to the starting page of
>> this application, if known ? (without jsessionid.jvmroute of
>> course).
> That's definitely an idea worth pursuing: an expired session id could
> return 302 *and* strip the jsessionid path parameter *and* send a
> Set-Cookie JSESSIONID; expiration=0 header (which deletes the cookie).
> The client would re-try and the balancer would re-balance.
> Konstantin, what do you think? Obviously, this shouldn't be the
> default operation of Tomcat, but perhaps a setting that could be
> enabled on the session manager?

If anybody want to experiment with such a feature,
it is easy to write your own Filter or Valve that implements this.

Something like
if (request.getSession(false) == null &&
request.getRequestedSessionId() != null) {

Things to be cautious
1. Different web applications may have different session ids. When a
browser sends us the session id cookie, there is no indication to what
web application it belongs.

2. I would check the value of request.getMethod().

3. I would do nothing if jvmRoute in requested session id belongs to a
different server.
See also  org.apache.catalina.ha.session.JvmRouteBinderValve,

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message