Bug 47298 - enabled emptysessionpath not checking if route replacement is needed
Summary: enabled emptysessionpath not checking if route replacement is needed
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 6.0.18
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: default
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2009-06-02 05:38 UTC by James Hoare
Modified: 2009-06-11 09:31 UTC (History)
0 users

Work around for undocumented behavior of emptySessionPath (2.72 KB, text/plain)
2009-06-11 09:29 UTC, Filip Hanik

Note You need to log in before you can comment on or make changes to this bug.
Description James Hoare 2009-06-02 05:38:02 UTC
Hi, our app currently relies on using the attribute emptysessionpath=true on the ajp connector due to having most of our 
urls not containing the context path of our web app. 

We are having trouble with the jvmroute switching as the Tomcat code doesn't appear to 
check if the jvmroute is valid for that node? I noticed in the 
org.apache.catalina.session.ManagerBase there is some code that is 
commented out, which would fix the route replacement.

Is it possible to uncomment the route replacement check below in ManagerBase?

code from ManagerBase:

if (sessionId == null) {
            sessionId = generateSessionId();
        // FIXME WHy we need no duplication check?
             synchronized (sessions) {
                while (sessions.get(sessionId) != null) { // Guarantee
                    // uniqueness
                    sessionId = generateSessionId();
            // FIXME: Code to be used in case route replacement is needed
        } else {
            String jvmRoute = getJvmRoute();
            if (getJvmRoute() != null) {
                String requestJvmRoute = null;
                int index = sessionId.indexOf(".");
                if (index > 0) {
                    requestJvmRoute = sessionId
                            .substring(index + 1, sessionId.length());
                if (requestJvmRoute != null && 
!requestJvmRoute.equals(jvmRoute)) {
                    sessionId = sessionId.substring(0, index) + "." + 
Comment 1 James Hoare 2009-06-03 02:21:13 UTC
We have uncommented the route node replacement code in ManasgerBase and built from source and this seems to be working on our QA environment. 

So is it possible to get this into the next point release?
Comment 2 James Hoare 2009-06-11 06:07:19 UTC
When we take a node down for maintenaince we experience problems with the exisitng sessions that were created on that node. These sessions are  bouncing between the other nodes, as the worker has been removed from the mod_jk workers file. 

Therefore, we need the susbsequent check in ManagerBase to replace the jvm route with the local node if they are different.
Comment 3 Filip Hanik 2009-06-11 09:28:36 UTC
James, I see your issue. 
While the documentation http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
only has the behavior documented as "setting cookie Path=/" it over 4 years ago also introduced a side effect of creating a session with the supplied ID.

This behavior is too old to be changed in the way you requested, even though its not properly documented.

In Tomcat 7 (Servlet 3.0) there is a standard way of configuring the session cookie paramneters (such as path) so this wont be an issue.

For Tomcat 6, I will attach a simple code solution that would work to rewrite the JVM route in a Valve to solve your problem.

I will therefor close the issue as WONT FIX.

Please see my attached valve for how you could solve your specific use case.
Comment 4 Filip Hanik 2009-06-11 09:29:56 UTC
Created attachment 23796 [details]
Work around for undocumented behavior of emptySessionPath