Bug 63695 - session_cookie attribute does not work?
Status: RESOLVED INVALID
Alias: None
Product: Tomcat Connectors
Classification: Unclassified
Component: isapi
Version: 1.2.46
Hardware: PC All
Importance: P2 normal
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Reported: 2019-08-26 02:36 UTC by kimc.log
Modified: 2019-08-29 17:12 UTC

Attachments
jk_lb_worker.c modification (deleted)
2019-08-29 07:23 UTC, kimc.log
Description kimc.log 2019-08-26 02:36:51 UTC
I'm trying to change the default value of session_cookie JSESSIONID into TESTSESSIONID
but I think the attribute session_cookie does not work as I intended.

Would you please check if session_cookie has a bug?

Here's my test

* workers.properties
worker.list=worker_lb

worker.worker_lb.type=lb
worker.worker_lb.balance_workers=engine1,engine2
worker.worker_lb.sticky_session=true

worker.engine1.host=localhost
worker.engine1.port=9910
worker.engine1.session_cookie=TESTSESSIONID
worker.engine1.route=engine1
worker.engine1.reference=worker.default

worker.engine2.host=localhost
worker.engine2.port=9920
worker.engine2.session_cookie=TESTSESSIONID
worker.engine2.route=engine2
worker.engine2.reference=worker.default

worker.default.type=ajp13
worker.default.socket_timeout=300
worker.default.connection_pool_timeout=120
worker.default.connection_pool_size=200
worker.default.connection_pool_minsize=100
worker.default.max_packet_size=8192
worker.default.retries=1
worker.default.reply_timeout=360000
worker.default.socket_connect_timeout=3000
worker.default.connect_timeout=3000
worker.default.ping_mode=P
worker.default.prepost_timeout=3000
worker.default.recovery_options=3


* isapi_redirector's log - we can see the log 'session_cookie' -> 'TESTSESSIONID' (correctly read from my workers.properties)

[Tue Aug 13 16:37:21.024 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.list' -> 'worker_lb,jkstatus'
[Tue Aug 13 16:37:21.537 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.worker_lb.type' -> 'lb'
[Tue Aug 13 16:37:22.467 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.worker_lb.balance_workers' -> 'engine1,engine2'
[Tue Aug 13 16:37:23.045 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.worker_lb.sticky_session' -> 'true'
[Tue Aug 13 16:37:24.305 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.engine1.host' -> 'localhost'
[Tue Aug 13 16:37:25.696 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.engine1.port' -> '9910'
[Tue Aug 13 16:37:25.978 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.engine1.session_cookie' -> 'TESTSESSIONID'
[Tue Aug 13 16:37:26.346 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.engine1.route' -> 'engine1'
[Tue Aug 13 16:37:26.892 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.engine1.reference' -> 'worker.default'
[Tue Aug 13 16:37:28.019 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.engine2.host' -> 'localhost'
[Tue Aug 13 16:37:28.982 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.engine2.port' -> '9920'
[Tue Aug 13 16:37:30.044 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.engine2.session_cookie' -> 'TESTSESSIONID'
[Tue Aug 13 16:37:30.766 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.engine2.route' -> 'engine2'
[Tue Aug 13 16:37:30.988 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.engine2.reference' -> 'worker.default'
[Tue Aug 13 16:37:31.217 2019] [6532:21108] [debug] jk_map_dump::jk_map.c (599): Dump of map 4: 'worker.default.type' -> 'ajp13'
...

* isapi_redirector's log - On the second request, the Cookie request header has TESTSESSIONID but id='empty'

[Tue Aug 13 16:40:07.209 2019] [6532:18068] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Accept-Language : ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
[Tue Aug 13 16:40:07.270 2019] [6532:18068] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Cookie : TESTSESSIONID=ASfXUomeuKIAUYQKlGfFPk81z4ZCFVW32wVdAmmJqDBLaV7iy7SU8hXlXs3OLSg0.engine1
[Tue Aug 13 16:40:07.321 2019] [6532:18068] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Host : localhost:18888
[Tue Aug 13 16:40:07.381 2019] [6532:18068] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header User-Agent : Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
[Tue Aug 13 16:40:07.432 2019] [6532:18068] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Upgrade-Insecure-Requests : 1
[Tue Aug 13 16:40:07.482 2019] [6532:18068] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Sec-Fetch-Mode : navigate
[Tue Aug 13 16:40:07.544 2019] [6532:18068] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Sec-Fetch-User : ?1
[Tue Aug 13 16:40:07.593 2019] [6532:18068] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Sec-Fetch-Site : none
[Tue Aug 13 16:40:07.655 2019] [6532:18068] [debug] init_ws_service::jk_isapi_plugin.c (3296): Service protocol=HTTP/1.1 method=GET host=::1 addr=::1 name=localhost port=18888 auth=(null) user=(null) uri=/plusds/sessionValueTest.jsp
[Tue Aug 13 16:40:07.705 2019] [6532:18068] [debug] init_ws_service::jk_isapi_plugin.c (3308): Service request headers=13 attributes=0 chunked=no content-length=0 available=0
[Tue Aug 13 16:40:07.745 2019] [6532:18068] [debug] wc_get_worker_for_name::jk_worker.c (120): found a worker worker_lb
[Tue Aug 13 16:40:07.796 2019] [6532:18068] [debug] HttpExtensionProc::jk_isapi_plugin.c (2094): got a worker for name worker_lb
[Tue Aug 13 16:40:07.845 2019] [6532:18068] [debug] service::jk_lb_worker.c (1235): LB - num_of_workers: 2, retry: 0, lb_retries: 2
[Tue Aug 13 16:40:07.896 2019] [6532:18068] [debug] service::jk_lb_worker.c (1235): LB - num_of_workers: 2, retry: 1, lb_retries: 2
[Tue Aug 13 16:40:07.945 2019] [6532:18068] [debug] service::jk_lb_worker.c (1278): service sticky_session=1 id='empty'
[Tue Aug 13 16:40:07.997 2019] [6532:18068] [debug] service::jk_lb_worker.c (1284): attempt 0, max attempts 2, worker count 2
[Tue Aug 13 16:40:08.046 2019] [6532:18068] [debug] get_most_suitable_worker::jk_lb_worker.c (1141): found best worker engine2 (engine2) using method 'Request'
[Tue Aug 13 16:40:08.097 2019] [6532:18068] [debug] service::jk_lb_worker.c (1326): service worker=engine2 route=engine2 failover=true
[Tue Aug 13 16:40:08.146 2019] [6532:18068] [debug] ajp_get_endpoint::jk_ajp_common.c (3357): (engine2) acquired connection pool slot=0 after 0 retries
[Tue Aug 13 16:40:08.197 2019] [6532:18068] [debug] ajp_marshal_into_msgb::jk_ajp_common.c (681): (engine2) ajp marshaling done
[Tue Aug 13 16:40:08.258 2019] [6532:18068] [debug] ajp_service::jk_ajp_common.c (2588): processing engine2 with 1 retries


* I already tested with the default session_cookie=JSESSIONID; the logs look like the below, with id='7ywXWgCWC23Q7dmHTrUh2E7GHIQ6jTb828yZzrXXx4zsFevXyxSCbsk7pObtUF0l.engine1'

[Tue Aug 13 16:46:26.424 2019] [2120:10104] [debug] service::jk_lb_worker.c (1278): service sticky_session=1 id='7ywXWgCWC23Q7dmHTrUh2E7GHIQ6jTb828yZzrXXx4zsFevXyxSCbsk7pObtUF0l.engine1'
[Tue Aug 13 16:46:26.475 2019] [2120:10104] [debug] service::jk_lb_worker.c (1284): attempt 0, max attempts 2, worker count 2
[Tue Aug 13 16:46:26.525 2019] [2120:10104] [debug] get_most_suitable_worker::jk_lb_worker.c (1083): searching worker for partial sessionid 7ywXWgCWC23Q7dmHTrUh2E7GHIQ6jTb828yZzrXXx4zsFevXyxSCbsk7pObtUF0l.engine1
[Tue Aug 13 16:46:26.576 2019] [2120:10104] [debug] get_most_suitable_worker::jk_lb_worker.c (1091): searching worker for session route engine1
[Tue Aug 13 16:46:26.626 2019] [2120:10104] [debug] get_most_suitable_worker::jk_lb_worker.c (1106): found worker engine1 (engine1) for route engine1 and partial sessionid 7ywXWgCWC23Q7dmHTrUh2E7GHIQ6jTb828yZzrXXx4zsFevXyxSCbsk7pObtUF0l.engine1
Comment 1 Christopher Schultz 2019-08-26 13:30:33 UTC
Did you change the JSESSIONID cookie name in Tomcat, or just in mod_jk? Those two configurations must agree with each other.
Comment 2 kimc.log 2019-08-26 14:46:02 UTC
(In reply to Christopher Schultz from comment #1)
> Did you change the JSESSIONID cookie name in Tomcat, or just in mod_jk?
> Those two configurations must agree with each other.

Of course, I did, that's why I had the logs below

[Tue Aug 13 16:40:07.270 2019] [6532:18068] [debug] init_ws_service::jk_isapi_plugin.c (3267): Forwarding request header Cookie : TESTSESSIONID=ASfXUomeuKIAUYQKlGfFPk81z4ZCFVW32wVdAmmJqDBLaV7iy7SU8hXlXs3OLSg0.engine1

* my context.xml
<Context sessionCookieName="TESTSESSIONID">

My point is that once session_cookie is changed from its default, it never looks for the session id in the request headers.
Comment 3 kimc.log 2019-08-29 07:23:39 UTC
Created attachment 36741
jk_lb_worker.c modification

Showing how I modified the source code
Comment 4 kimc.log 2019-08-29 07:50:22 UTC
Comment on attachment 36741
jk_lb_worker.c modification

I have tried to debug version 1.2.46 of the Tomcat connector and finally I found some wrong parts of the source code for session-related configs.
 - session_cookie
 - session_path
 - set_session_cookie
 - session_cookie_path

The code that handles those attributes also missed a loop part for more than 2 workers.

I attached a pptx file and you can see what the problem is and how we can handle it.
And I would like you to modify the source and release the patch officially.

Regards,
Comment 5 Mark Thomas 2019-08-29 07:57:54 UTC
The content of attachment 36741 has been deleted for the following reason:

Suspected malicious attachment - file type not readable as pptx
Comment 6 Rainer Jung 2019-08-29 08:49:37 UTC
Note that the docs under

http://tomcat.apache.org/connectors-doc/reference/workers.html
show that the attribute session_cookie is an LB attribute. You have set it for the two ajp13 workers, but you need to set it for the lb worker named "worker_lb" like:

worker.worker_lb.session_cookie=TESTSESSIONID

You can remove it from engine1 and engine2.

Please report back, if that works for you so we could close this ticket.

Regards,

Rainer
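
Added example, not part of the original thread or of the Tomcat Connectors code: a small workers.properties check for the misplacement diagnosed in comment 6, where an LB attribute set on an ajp13 member is read into the map but never used for sticky routing. The function names, the LB_ONLY set (only session_cookie is confirmed as an LB attribute on this page) and the ajp13 default type are assumptions.

```python
import re

# Session attributes named in this thread. session_cookie is confirmed above as
# an LB attribute; the other three are assumed here to be LB-level as well.
LB_ONLY = {"session_cookie", "session_path", "set_session_cookie", "session_cookie_path"}

# Constructed sample: the reporter's original layout, trimmed.
SAMPLE = """\
worker.list=worker_lb
worker.worker_lb.type=lb
worker.worker_lb.balance_workers=engine1,engine2
worker.worker_lb.sticky_session=true
worker.engine1.session_cookie=TESTSESSIONID
worker.engine1.reference=worker.default
worker.engine2.session_cookie=TESTSESSIONID
worker.engine2.reference=worker.default
worker.default.type=ajp13
"""

def parse(text):
    """Return {worker_name: {attribute: value}} from workers.properties text."""
    workers = {}
    for line in text.splitlines():
        m = re.match(r"\s*worker\.([^.=\s]+)\.([^=\s]+)\s*=\s*(.*?)\s*$", line)
        if m:  # worker.list and comment lines do not match and are skipped
            workers.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return workers

def worker_type(workers, name, seen=()):
    """Resolve a worker's type, following 'reference' chains without looping."""
    attrs = workers.get(name, {})
    if "type" in attrs:
        return attrs["type"]
    ref = attrs.get("reference", "")
    if ref.startswith("worker.") and ref[7:] not in seen + (name,):
        return worker_type(workers, ref[7:], seen + (name,))
    return "ajp13"  # assumption: type used when none is configured

def misplaced_lb_attributes(text):
    """List (worker, attribute, value) where an LB-only attribute sits on a non-lb worker."""
    workers = parse(text)
    return sorted(
        (name, attr, value)
        for name, attrs in workers.items()
        for attr, value in attrs.items()
        if attr in LB_ONLY and worker_type(workers, name) != "lb"
    )
```
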
Comment 7 kimc.log 2019-08-29 15:11:09 UTC
Thank you Rainer,

I changed my configuration as you advised, like the below.
And it finally works as I intended.

worker.list=worker_lb
worker.worker_lb.type=lb
worker.worker_lb.balance_workers=engine1,engine2
worker.worker_lb.session_cookie=LBSESSIONID
worker.worker_lb.sticky_session=true

worker.engine1.host=localhost
worker.engine1.port=9910
worker.engine1.route=engine1
worker.engine1.reference=worker.default

worker.engine2.host=localhost
worker.engine2.port=9920
worker.engine2.route=engine2
worker.engine2.reference=worker.default

You can close this subject.
Best regards,