Curl thinks it's being set:
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=7B26C0CAABC706C1942ACF4187FD0608; Path=/path;
HttpOnly
< P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND
CNT TST'
< Cache-Control: no-store
< Pragma: no-cache
< Expires: -1
< Last-Modified: 0
< Content-Type: text/html;charset=utf-8
< Transfer-Encoding: chunked
< Vary: Accept-Encoding
< Date: Fri, 27 Apr 2018 10:20:07 GMT
So, yes, it is still being set by the application.
Simon
On 27/04/18 10:59, Maximilian Boehm wrote:
Hi,
Sessions are managed on haproxy with a stick table which stores a JSESSIONID
Just to make sure: Are you sure this application still uses JSESSIONID as
identifier for the session? As far as I know, that kind of applications often
use things like Web Tokens instead of regular session cookies.
Max
-----Ursprüngliche Nachricht-----
Von: Simon McLeish <[email protected]>
Gesendet: Freitag, 27. April 2018 11:41
An: [email protected]
Betreff: Load balancing a single page application
Hi,
We are using haproxy to load balance a vendor application across three servers.
This has been very successful, but recently the vendor has released a new
interface which is a single page AngularJS application, and since we went live
on Tuesday we have been having problems with premature session timeouts.
Sessions are managed on haproxy with a stick table which stores a JSESSIONID
cookie value which is also shared with the application session management. This
has a timeout set to 30 minutes both in haproxy and in the application.
The way the timeouts are happening suggests that haproxy may be assuming that
there is no activity because the page is never reloaded, though of course there
will be JS traffic across the connection. Could you advise whether this is
likely? And if so, are there any recommendations for settings which would work
better?
This is the session-related part of our configuration for reference (redacted
slightly):
backend prd-http
stick on urlp(jsessionid) table front_jsessionid
stick on urlp(jsessionid,;) table front_jsessionid
stick on cookie(JSESSIONID) table front_jsessionid
stick store-response cookie(JSESSIONID) table front_jsessionid
http-request del-header Proxy
option httplog
option originalto
balance roundrobin
option httpchk GET /
http-check expect status 200
server server1
server server2
server server3 backup
backend front_jsessionid
stick-table type string len 52 size 10m expire 30m
There is a further backend which is the server used for authentication; the
session cookie is not shared with that.
Thanks,
Simon
