Hi Devs, I set up a simple cluster with one AS and one ELB. This ELB is improved to work with Hazelcast clustering. AS joined the cluster and ELB correctly dispatched requests to the AS node. Then I started testing the management console access. When I entered the correct username/password and submit, I got the login page again. But I should have got the successful login message. I saw the successfully logged in message in server logs of AS node.
After analyzing debug log messages of ELB, I noticed an unexpected behaviour of the AS node. Every time I login into the management console, AS node creates a new http session. I.e. "Set-Cookie" header is presents in the login response from AS. I compared with a previous release of AS and this behaviour was not there. So there has to be a recent change to the authentication process of the Carbon management console. My guess was correct. In fact there was a change done by Prabath to regenerate the http session every time a user logs in or logs out of the management console. I think this change was introduced to fix a bug in the system. Prabath can please explain why? This new behaviour of the authentication process cause the ELB to break. Session affinity implementation of ELB is responsible for this. Let me explain. SynapseCallbackReceiver checks for a HttpSessionDispatcher instance in the synapse context object in the response path. LoadBalancingEndpoint is responsible for setting the HttpSessionDispatcher in the synapse context object in the request path. HttpSessionDispatcher extracts the new session cookie( from the Set-Cookie header), if any and creates a corresponding session object in the ELB side. This session object maintains session ID, associated member node, session expiry time etc. All the subsequent request with this session cookie are routed to the same member node. In the current implementation LoadBalancingEndpoint sets the dispatcher to the synapse context only if the request is not bound to any session. I.e. request does not have any session cookie, a new session. LoadBalancingEndpoint does not sets the dispatcher if the request contains the session cookie. With the recent fix in the authentication process, it creates a new session even thought the login request is bound to an existing http session. Now when this login response which is in a new http session(with a Set-Cookie header) reaches ELB, ELB does not create the corresponding session object. Because the dispatcher is not set in the synapse context. That was because the login request was bound to an existing session. But the AS node invalidates the existing session and new created a new one. Therefore logged in session is lost in the ELB. IMO the correct fix wold be to set the dispatcher to all the requests if the session affinity is enabled in ELB. Let me know your thoughts. I will do the necessary modifications. Thanks, Sameera. -- Sameera Jayasoma, Architect, WSO2, Inc. (http://wso2.com) email: [email protected] blog: http://sameera.adahas.org twitter: https://twitter.com/sameerajayasoma flickr: http://www.flickr.com/photos/sameera-jayasoma/collections Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
