Hi, our app currently relies on using the attribute emptysessionpath=true on the ajp connector due to having most of our urls not containing the context path of our web app. We are having trouble with the jvmroute switching as the Tomcat code doesn't appear to check if the jvmroute is valid for that node? I noticed in the org.apache.catalina.session.ManagerBase there is some code that is commented out, which would fix the route replacement. Is it possible to uncomment the route replacement check below in ManagerBase? code from ManagerBase: if (sessionId == null) { sessionId = generateSessionId(); // FIXME WHy we need no duplication check? /* synchronized (sessions) { while (sessions.get(sessionId) != null) { // Guarantee // uniqueness duplicates++; sessionId = generateSessionId(); } } */ // FIXME: Code to be used in case route replacement is needed /* } else { String jvmRoute = getJvmRoute(); if (getJvmRoute() != null) { String requestJvmRoute = null; int index = sessionId.indexOf("."); if (index > 0) { requestJvmRoute = sessionId .substring(index + 1, sessionId.length()); } if (requestJvmRoute != null && !requestJvmRoute.equals(jvmRoute)) { sessionId = sessionId.substring(0, index) + "." + jvmRoute; } } */ }
We have uncommented the route node replacement code in ManasgerBase and built from source and this seems to be working on our QA environment. So is it possible to get this into the next point release?
When we take a node down for maintenaince we experience problems with the exisitng sessions that were created on that node. These sessions are bouncing between the other nodes, as the worker has been removed from the mod_jk workers file. Therefore, we need the susbsequent check in ManagerBase to replace the jvm route with the local node if they are different.
James, I see your issue. While the documentation http://tomcat.apache.org/tomcat-6.0-doc/config/http.html only has the behavior documented as "setting cookie Path=/" it over 4 years ago also introduced a side effect of creating a session with the supplied ID. This behavior is too old to be changed in the way you requested, even though its not properly documented. In Tomcat 7 (Servlet 3.0) there is a standard way of configuring the session cookie paramneters (such as path) so this wont be an issue. For Tomcat 6, I will attach a simple code solution that would work to rewrite the JVM route in a Valve to solve your problem. I will therefor close the issue as WONT FIX. Please see my attached valve for how you could solve your specific use case.
Created attachment 23796 [details] Work around for undocumented behavior of emptySessionPath