DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41897>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41897 Summary: mod_proxy_balancer: configured session identifier is case-sensitive Product: Apache httpd-2 Version: 2.2.4 Platform: All OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: mod_proxy_balancer AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] We're using Apaches(2.2.4) mod_proxy and mod_proxy_balancer to loadbalance Tomcats(5.5) using mod_proxy_ajp, and found a problem getting both cookie- based and url-rewriting based session-ids to be 'sticky' for mod_proxy_balancer. The Servlet Spec(see i.e.: http://www.jcp.org/aboutJava/communityprocess/final/jsr053/ ), in section 7, binds Servlet Containers to use an uppercase param 'JSESSIONID' to hold the sessionid in cookies, but a lowercase 'jsessionid' if using url-rewriting(used when cookies are disabled). And thats exactly what the Tomcats do. Now, if we have defined stickysession to be 'JSESSIONID' in the ProxyPass directive, i.e. like this: ProxyPass /me/pub/ balancer://ME-Test/me/pub/ stickysession=JSESSIONID we observe the stickysession feature to work with cookies, but not with url- rewriting. If we define stickysession to use the lowercase variant, like this: ProxyPass /me/pub/ balancer://ME-Test/me/pub/ stickysession=jsessionid it's just the other way round: url-rewriting is working, but cookies are not. mod_proxy_balancer uses the value stickysession is set to in a case-sensitive way for both cookie-based and url-based session-ids, thus being unable to cope with the different cases of 'jsessionid' defined as mandatory by the Servlet Spec. This can be seen in the mod_proxy_balancer.c source in get_path_param() and get_cookie_param(). What we did to circumvent the problem was to patch mod_proxy_balancer.c like this: -------------------------- --- mod_proxy_balancer.c.ORIG 2005-11-10 16:20:05.000000000 +0100 +++ mod_proxy_balancer.c 2006-01-31 18:03:56.000000000 +0100 @@ -111,9 +111,17 @@ const char *name) { char *path = NULL; + char *session_id = NULL; + int i; + session_id= apr_pstrdup(pool, name); + /* Change 'JSESSIONID' to 'jsessionid' to match the value in the url */ + if (isupper(name[0])) { + for (i=0;i<=strlen(session_id);i++) + session_id[i] = tolower(session_id[i]); + } - for (path = strstr(url, name); path; path = strstr(path + 1, name)) { - path += (strlen(name) + 1); + for (path = strstr(url, session_id); path; path = strstr(path + 1, session_id)) { + path += strlen(session_id); if (*path == '=') { /* * Session path was found, get it's value -------------------------- (found here: http://mail-archives.apache.org/mod_mbox/httpd-users/200603.mbox/% [EMAIL PROTECTED] ) Although that fixed the problem for us, I do not request to apply exactly this patch to the mod_proxy_balancer.c source(because it's rude in a way that it only looks for the lowercase identifier in the URL if an uppercase one is configured), but I think mod_proxy_balancer.c has to be changed so that either: - it is handling the stickysession identifier in an overall case-insensitive way, or at least - it could additionally look for the lowercase variant in get_path_param(), if an uppercase one is configured and not found in the URL -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
