2 Replies Latest reply on Nov 25, 2010 10:04 AM by piklos

How to do a lightweight invalidation of sessions in a cluster?

piklos Nov 22, 2010 4:05 PM

Hello, i am new to jboss culstering and need a hint.

My team and me developed an application using seam 2.0.2 sp1, and richfaces, deployed it on jboss 4.2.3.

We have a requirement to deploy on two jboss servers cluster behind a load balancer with sticky sessions.

One of the requirements for the application was that when one user logs in from a computer/browser, he cannot login at the same time with the same credentials from another computer/browser. The specifics of the requirement are such that a second time user tries to login he should be notified that he is already logged in and asked whether he should continue using this (new) session or the old one. If he then chooses to use the new one, then the old one has to be killed/invalidated. We got this working on a single jboss machine (we have a map of userIds and sessions, so it was relatively easy). But now since we are behind load balancer, it could happen that when a user tries to login a second, he could get forwarded to the "other" jboss which doesn't know anything about the entry in the userId-session map on the first jboss. (since maps are local to the servers)

If i understand correctly if we mark our application as distributable (and do some more configuration) then we would get a

jboss.web:service=ClusterManager up and running, and we could kill sessions cluster-wide by using 
org.jboss.web.tomcat.service.session.JBossCacheManagerMBean as shown in this example:
http://seamframework.org/Documentation/HowDoIExpireSessionsOutClusterWideInSeam
That works fine, but if i get it right our cluster then tries to replicate the state of sessions and ejb-s,
and we fear thet the overhead can be too big for such a small task like killing a session cluster wide.
Now questions:
Is it possible to use that JbossCacheManagerMBean without having to replicate all the ejbs and seam bean
across cluster?
If so how?
If not is there any easy way that our servers can notify each other something like
 "hay kill this session for me" (in this case all server would have their own user-session maps
 and would need to comunicate somehow)?
Any help would be appreciated, since this is such a big topic for me.


Thanks in advance.

Edit: Tried hard but i can't remove this wiki formatting.

1. Re: How to do a lightweight invalidation of sessions in a cluster?

wdfink Nov 23, 2010 4:22 AM (in response to piklos)

For this I implement some time ago something like this:
- session create a UID and store it into the session object and in the database
- a new login check this UID, show a warning if found, and overwrite it if the user decide to login
- the running session check the UID and show an error if not the correct one

But I'm not sure whether there is a simpler or better solution ;-)
1 of 1 people found this helpful
Actions
2. Re: How to do a lightweight invalidation of sessions in a cluster?

piklos Nov 25, 2010 10:04 AM (in response to wdfink)

Yeah, but that way the running session has to check DB on every request to see if the UID is there. I wouldn't want to put so much pressure on the database.

I thought about making a custom channel with Jgroups through which all my jboss instance can communicate.
Would that be a good solution? Is there any reference documentation/examples that i can look into? Or is there something easier that i can do?
Actions

Go to original post