appsession not working in url (1.3.22, 1.3.24)

[Michael Rennt]

Hi,

according to http://haproxy.1wt.eu/knownbugs-1.3.html
the bug "(M) appsession lookup in URL does not work" is true up to 1.3.14.2.

I'm currently testing the "appsession" feature with 1.3.22, 1.3.24 and 1.4.4.

Only 1.4.4 seems to work the way the documentation suggests, using the 
following test config:

global
        log /dev/log  daemon debug
        pidfile /var/run/haproxy.pid
        maxconn 8192
        user haproxy
        group haproxy

defaults
        log global
        retries 3
        option  redispatch
        maxconn 8192

frontend my-frontend x.x.x.x:80
        mode http
        log     /dev/log        daemon info
        option  httplog
        option  dontlognull
        option httpclose

        default_backend my-backend

backend my-backend
        mode http
        option httpclose
        #balance roundrobin
        #balance url_param JSESSIONID check_post
        #cookie JSESSIONID prefix
        appsession JSESSIONID len 10 timeout 3h request-learn mode query-string
        server s01 x.x.x.10:80 cookie AAAAAA check inter 5000 weight 22
        server s02 x.x.x.20:80 cookie BBBBBB check inter 5000 weight 22

("mode query-string" only used with 1.4.4, "cookie xxxx" are remains from the 
"cookie" parameter)

My test script is setting a cookie. I call it with 
http://test/cookie.php?JSESSIONID=xxxxx

Dumping the hash table with 1.4.4 shows a "get_srv_from_appsession" for the 
appsession in the get
string and a "manage_server_side_cookies" for the cookie from the server (at 
least that's what I guess).

With 1.3.22 and .24 I just get the "manage_server_side_cookies". When I 
constantly deny the cookie,
the requests are round robbed, while with 1.4.4 they are sticky from the first 
request on, because
the url appsession lookup in the url is working.

Will this be fixed in 1.3.x or do you suggest to upgrade to 1.4?

I know about the drawbacks of appsession, i.e. in memory hash lost on reload or 
failover. Will there
be some kind of hash table dump and failover to another system?

Why am I even thinking about using appsession? I'm testing appsession because 
this seems to be the
best way to overcome stickiness problems which might occur with "cookie" + 
"balance url_param" (see
commented out part in the config) on the very first request of a new user. 
Maybe there's an option
to this?
The problem I'm seeing: With "cookie" + "balance url_param" the very first 
request will be round
robbed, if both cookie and url_param are not present. So if a user has cookies 
disabled, after the
first request, the user will click on a link, which includes his session ID as 
a parameter. So with
"balance url_param" the value of the session ID will be hashed and the user 
might end up on a
different server, hence information created locally on the system of the first 
request will be
unavailable. Further requests will be directed to the same system. I know, in a 
cluster user related
data should be kept redundant, but in this case this is not an option.

Best regards,

Michael