tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Is it possible to expire jvmRoute cookie
Date Sun, 09 Dec 2012 21:20:00 GMT
2012/12/7 Christopher Schultz <chris@christopherschultz.net>:
> On 12/7/12 4:16 AM, André Warnier wrote:
>> Williams, Nick wrote:
>>>> -----Original Message----- From: Christopher Schultz
>>> (...)
>>>
>>> Earlier somebody (I'm sorry, I already deleted the email)
>>> suggested Tomcat returning a 308 or 309 or similar to the load
>>> balancer to trigger a "re-balance" if the session is expired. I
>>> think this is the best idea I've heard yet, solves the problem
>>> elegantly and simply, and seems (relatively) easy to achieve
>>> (this coming from someone who has no knowledge of the code used
>>> by mod_jk/isapi_redirector).
>>>
>>
>> I must admit that this sounds more elegant (and efficient) than my
>> suggested interceptor module.
>>
>> Alternatively, if one wanted to avoid touching mod_jk for this,
>> maybe tomcat could return a 302 redirect to the starting page of
>> this application, if known ? (without jsessionid.jvmroute of
>> course).
>
> That's definitely an idea worth pursuing: an expired session id could
> return 302 *and* strip the jsessionid path parameter *and* send a
> Set-Cookie JSESSIONID; expiration=0 header (which deletes the cookie).
> The client would re-try and the balancer would re-balance.
>
> Konstantin, what do you think? Obviously, this shouldn't be the
> default operation of Tomcat, but perhaps a setting that could be
> enabled on the session manager?
>

If anybody want to experiment with such a feature,
it is easy to write your own Filter or Valve that implements this.

Something like
if (request.getSession(false) == null &&
request.getRequestedSessionId() != null) {
response.sendRedirect(...);
return;
}

Things to be cautious
1. Different web applications may have different session ids. When a
browser sends us the session id cookie, there is no indication to what
web application it belongs.

2. I would check the value of request.getMethod().

3. I would do nothing if jvmRoute in requested session id belongs to a
different server.
See also  org.apache.catalina.ha.session.JvmRouteBinderValve,
http://tomcat.apache.org/tomcat-7.0-doc/config/cluster-valve.html


Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message