From users-return-271074-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org Wed Jul 1 10:32:08 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 14F80180638 for ; Wed, 1 Jul 2020 12:32:07 +0200 (CEST) Received: (qmail 1159 invoked by uid 500); 1 Jul 2020 10:32:02 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 1100 invoked by uid 99); 1 Jul 2020 10:32:02 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Jul 2020 10:32:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id B067D180F01; Wed, 1 Jul 2020 10:32:01 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.312 X-Spam-Level: X-Spam-Status: No, score=0.312 tagged_above=-999 required=6.31 tests=[KAM_DMARC_STATUS=0.01, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=disabled Received: from mx1-ec2-va.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id P25hgjtnRyyo; Wed, 1 Jul 2020 10:31:59 +0000 (UTC) Received-SPF: None (mailfrom) identity=mailfrom; client-ip=213.133.104.17; helo=www17.your-server.de; envelope-from=thomas@m3y3r.de; receiver= Received: from www17.your-server.de (www17.your-server.de [213.133.104.17]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 32F9ABC0A5; Wed, 1 Jul 2020 10:31:58 +0000 (UTC) Received: from sslproxy05.your-server.de ([78.46.172.2]) by www17.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1jqa21-0006dX-Re; Wed, 01 Jul 2020 12:31:57 +0200 Received: from [2a02:908:4c22:ec00:64d8:1259:697f:2bfd] by sslproxy05.your-server.de with esmtpsa (TLSv1.2:ECDHE-RSA-CHACHA20-POLY1305:256) (Exim 4.92) (envelope-from ) id 1jqa21-0007eM-Lj; Wed, 01 Jul 2020 12:31:57 +0200 Date: Wed, 01 Jul 2020 12:31:55 +0200 User-Agent: K-9 Mail for Android In-Reply-To: <6c75dfb0-cd53-2ef3-7948-2fac319fe867@apache.org> References: <3e2dfabb-a7fa-6403-13fc-6bc1993f8529@christopherschultz.net> <1100746d-ffbd-e79c-b434-d68bd96413b8@apache.org> <556F40FC-36E4-4850-A3FA-E78E97DD89F2@m3y3r.de> <6c75dfb0-cd53-2ef3-7948-2fac319fe867@apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: Tomcat session replication To: Tomcat Users List ,Mark Thomas ,users@tomcat.apache.org From: Thomas Meyer Message-ID: <1B4BDF23-D555-4B19-A5CC-66BD68BBFBB0@m3y3r.de> X-Authenticated-Sender: thomas@m3y3r.de X-Virus-Scanned: Clear (ClamAV 0.102.3/25859/Tue Jun 30 15:38:05 2020) Am 1=2E Juli 2020 12:21:46 MESZ schrieb Mark Thomas : >On 01/07/2020 11:19, Thomas Meyer wrote: >> Am 30=2E Juni 2020 11:07:36 MESZ schrieb Mark Thomas >: >>> On 29/06/2020 21:41, Christopher Schultz wrote: >>>> Mark, >>>> >>>> On 6/27/20 05:29, Mark Thomas wrote: >>>>> On 27/06/2020 10:19, Thomas Meyer wrote: >>>>>> Hi, >>>>>> >>>>>> A few questions regarding tomcat session replication: >>>> >>>>> load-balancing and session replication are two separate parts of >>>>> an overall clustering solution=2E >>>> >>>>>> 1) is the jvmRoute attribute on Engine object necessary for >>>>>> session replication to work correctly? >>>> >>>>> No, but if you don't use it it places a number of restrictions on >>>>> the web application behaviour and on the configuration of session >>>>> replication=2E >>>> >>>>> The limitations are: - you need to use the DeltaManager (which >>>>> doesn't scale as well as the BackupManager); - any requests made >by >>>>> the client that depend on the session MUST be issued in series, >not >>>>> in parallel; and >>>> >>>> This is only true of requests that would modify the session-state >in >>> a >>>> way that needed to be deterministic, right? A bunch of GET requests >>>> that don't change the session ought to be okay in parallel (as long >>> as >>>> any prior state-changing requests have completed _ those changes >>>> replicated)=2E >>> >>> Yes=2E >>> You don't want state changes in parallel on different nodes=2E >>> Any request that depends on a previous change in state can't be >issued >>> until the state changing request has completed and the changes >>> replicated=2E >>> >>>>> - the session Manager must be configured to update all the other >>>>> nodes in the cluster BEFORE the current request returns to the >>>>> client=2E >>>> >>>> Same (negative) caveat here, right? >>> >>> Yes=2E >>> >>> Essentially you want channelSendOptions=3D"6"=2E >>=20 >> Hi, >>=20 >> Yes I'm using that option=2E But it still gives an error, but I may now >found some hints what's going wrong: >>=20 >> When using Spring's ChangeSessionIdAuthStrategy it fails with unknown >CSRF token=2E >>=20 >> It looks like the node fails to replicate, i=2Ee=2E doesn't export, the >session data after a changeSessionId call=2E >>=20 >> When using Spring's SessionFixationProtectionStrategy (which >basically creates a new session and copy all attributes to the new >session) it works correctly with tomcats session replication=2E >>=20 >> So it looks like calling changeSessionId fails to somehow replication >the new session state to the remote nodes=2E >>=20 >> Looking at ManagerBase "session" attribute it's unclear if it >contains only "internal session IDs" or external session IDs which do >change=2E >>=20 >> The ReplicationValve seems to call manager=2EfindSession with the >internal ID=2E >>=20 >> Maybe somewhere something mixes up internal and external session IDs >or forgets to update ManagerBase=2Esession map=2E >>=20 >> Opinions? > >Maybe this: >https://bz=2Eapache=2Eorg/bugzilla/show_bug=2Ecgi?id=3D64560 Yes, that's seems to be exactly the same problem! And it's already fixed! Thank you very much! I'll update our tomcat version from 9=2E0=2E34 to the fixed version=2E Regards Thomas --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org