Hi Chris,
late answer but at least an answer. See below.
On 17.06.2014 16:43, Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
All,
I've been using sticky sessions with mod_jk and I can see that there
is a bit of a problem when attempting to take a backend Tomcat server
out of load-balanced rotation: a user who never (or rarely) restarts
their web browser will keep the same JSESSIONID cookie forever and
therefore end up with the same backend server whether it has been
disabled or not.
Quick series of events:
1. User visits load-balancer and gets a randomly-assigned backend
server/route. We'll call this route "X". The JSESSIONID cookie set by
the backend server is therefore foo.X.
2. User's requests are routed by mod_jk to route X.
3. Route X is disabled using mod_jk's status worker
4. User's session on server X expires.
[Technically, 3 and 4 can happen in either order]
5. User makes a new request to the load-balancer, and mod_jk sees the
JSESSIONID cookie still set to foo.X. mod_jk sends the request to
route X which allows the user to login, etc.
Thus, it takes more time than necessary to bleed all the traffic from
route X for maintenance, etc.
Is there a way for mod_jk to ask route X if the session is *still*
valid? It seems that mod_jk will not re-route a request that looks
like it's got a valid session id to a new (active) backend server
unless the backend server X is actually down.
Any ideas?
Not exactly what you want, but you can build something around it:
1) Switch off stickyness for specific URLs
If you know that users will come via specific URLs, like a login page,
and you want that page to be handled non-sticky to ptimize load
balancing even if users have an old cookie, you can do that by setting
the Apache envvar JK_STICKY_IGNORE. Look for JK_STICKY_IGNORE on:
http://tomcat.apache.org/connectors-doc/reference/apache.html
2) Improve handling of sessions for node with activation "disabled"
If you switch a node to activation "disabled", mod_jk will not send
requests there, that have no session id (and of course also not when the
session route points to another node). But the old cookie requests might
still go there. For that you can use the feature, that mod_jk forwards
the activation state to the Tomcat node. The node can then decide on
itself, whether it will handle a request coming in with an invalid
session id, or for example clears the session cookie and does a
self-referential redirect, which then by mod_jk is balanced on the fully
enabled nodes. This logic can be put into a servlet filter. You have to
be careful though to not produce redirecting cycles, e.g. in case of
errors or all other nodes are down. You could add the name of the first
node the the URL as a query param, and if you see it a second time, then
do not redirect again.
The request attribute is named "JK_LB_ACTIVATION". Search for that name on
http://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html
HTH
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
