Bug 55683

Summary: mod_jk doesn't properly parse version 1 cookies, breaking sticky sessions
Product: Tomcat Connectors Reporter: Aaron Ogburn <aogburn>
Component: CommonAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 1.2.37   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description Aaron Ogburn 2013-10-21 14:21:12 UTC
mod_jk can't properly parse version 1 cookies, which can break sticky sessions if a session cookie has a quoted version 1 cookie value.

Reproducing with mod_jk trace logging shows how it parses the session cookie and jvmroute.  I tested with my jvmRoute set to `testing:123`, which produces a quoted version 1 cookie value:

[Tue Oct 15 15:20:12 2013][9846:140521757296384] [debug] init_ws_service::mod_jk.c (1097): Service protocol=HTTP/1.1 method=GET ssl=false host=(null) addr=127.0.0.1 name=localhost port=80 auth=(null) user=(null) laddr=127.0.0.1 raddr=127.0.0.1 uri=/helloworld2/hi.jsp
[Tue Oct 15 15:20:12 2013][9846:140521757296384] [debug] service::jk_lb_worker.c (1201): service sticky_session=1 id='"QO1g5upa1l+mpzaJpor0Ko41.testing:123"'
[Tue Oct 15 15:20:12 2013][9846:140521757296384] [debug] get_most_suitable_worker::jk_lb_worker.c (1012): searching worker for partial sessionid "QO1g5upa1l+mpzaJpor0Ko41.testing:123"
[Tue Oct 15 15:20:12 2013][9846:140521757296384] [debug] get_most_suitable_worker::jk_lb_worker.c (1020): searching worker for session route testing:123"

So it does not parse the quotes out of the session cookie value, thus looking for route testing:123" instead of testing:123.

That can be worked around by manually setting the route to include that trailing ":

worker.node01.reference=worker.template
worker.node01.port=8009
worker.node01.host=127.0.0.1
worker.node01.type=ajp13
worker.node01.route=testing:123"
Comment 1 Rainer Jung 2014-03-31 19:28:33 UTC
This should be fixed in r1583415.
Will be part of version 1.2.40.
Would be nice if you could give the change a try.