11 Replies Latest reply on Oct 26, 2006 5:50 PM by Brian Stansberry

    Modifying session's jvmRoute when cookies are disabled

    Brian Stansberry Master

      The JvmRouteValve includes this bit of code:

      if (req.isRequestedSessionIdFromURL())
       // Warning but do nothing
       log_.error("JvmRouteValve.checkJvmRoute(): Can't handle clustering where session id is from URL. Will skip.");
       handleJvmRoute(sessionId, jvmRoute, res);

      This basically means that if cookies are disabled and a session fails over, we won't change the jvmRoute portion of the session id. AIUI, if we don't change this, thereafter mod_jk will not pin the session to any server. That's a pretty big limitation to our distributed sessions.

      Tomcat's own JvmRouteBinderValve has similar logic.

      I'm wondering why we can't change the jvmRoute portion of the session id? If cookies are disabled, we of course shouldn't emit a cookie, but why not change the session id? Looking at how Response.encodeURL works, it uses the session object's id when encoding, so if we change this field, any subsequently emitted URLs should have the proper id with the new jvmRoute. This logic is invoked before the request enters the webapp, so the id change will take place before the webapp writes any URLs.

      Am I missing something here?