Chris, > How does the lb decide where you go for all requests after > the first one? Typically, the session id is sniffed from the > URL or cookie and the lb maintains a table of mappings that > expires after some time.
Our two choices are evidently "IP-based" and "cookie-based". Currently, we're using "IP-based", so every IP address is treated as a separate request. I'm looking into making it cookie-based, and making cookies a requirement for the site (currently, we only use cookies to store a couple of simple preferences). Any idea how many people have cookies turned off? > One option is session sharing (or clustered sessions?). I > have forgotten what they are called but basically all the > servers share session data, so it doesn't matter which server > you eventually go to. If you don't have a lot of data going > into the session, I would imagine that it isn't too chatty on > the backend. > > When consulting for [a large robber baron in the SSL cert > racket], their setup was to actually divert all of their AOL > customers away from the main cluster and onto a separate > machine. I think it was a single-box setup for the AOLers, > based upon the actual load that AOLers represented. I actually considered that, although it seems a bit of an extreme solution. Incidentally, who creates the sessionID? Is it Tomcat? Apache? The browser? Maybe if I could make sure it only authenticates the sessionID against the first three numbers in the IP address... Daniel --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
