-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/4/09 3:03 PM, Winfried Tilanus wrote: > On 09/30/2009 08:39 PM, Peter Saint-Andre wrote: > > Hi, > > I needed to think about this one for a while. > >> Because of how HTTP is deployed, there might be intermediaries between a >> BOSH client and a BOSH connection manager (CM). Such intermediaries >> might include proxies, caching servers, and load balancers. Some of >> these entities, especially load balancers, might redirect an HTTP >> request from the client to a different CM. > > First of all the *only* entity I can think of that redirects requests to > different CM's is (by definition) a load-balancer. > > (One other scenario I can think of that would result in the sesion of > one client getting connected to different CM's, is the use of a > round-robin DNS. That would bring up a whole other range of problems, > just like automatic fail over of CM's would do.) > > So apparently we are speaking only about load balancers here. AFAIK are > load balancers always deployed by the owner of the server park. So both > the CM's and the load balancers are under the same control.
Not always. It depends on the deployment. >> Discussions with implementers have led me to conclude that the best way >> to do this is for the CM to set a temporary cookie on the client >> (containing a session ID) in its response to the first BOSH request, and >> for the client to return that cookie value to the CM when it sends >> future requests during the life of the BOSH session. > > Sending cookies is fine with me, as long as sending them is optional. If > the operator of a site thinks it is the best for their load balancer to > use the cookies, they can configure their CM's to do so. For our project > I would prefer to have the option *not* to store cookies. In some cases > the idea that a cookie is stored (how unintrusive it might be in > reality) is just too much. In some other cases even a cookie that > expires at the end of the session really might be too much. Agreed. Even if the client supports cookies, it needs to provide a way for the user to disable that support. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrLfYAACgkQNL8k5A2w/vz0uACfcihj2ojpJslokBVpd1PK4a5d qIwAn3ZGiCj9wQV1u5yE0AT/rjHEuQYl =En71 -----END PGP SIGNATURE-----
