You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by ga...@free.fr on 2006/07/31 11:15:42 UTC
Re: [Tomcat] Looking ofr JSESSIONID in Tomcat
Thanks a lot, Christopher, for your answer, but I am looking for a solution the
most generalizable possible. Does it exist an interface or a Mbean in Tomcat
responsible for managing the session (and so my cookie JSESSIONID)?
Thomas
PS: I am currently looking for a Tomcat's test where the developers may have
tested the behavior of the cookie/session.
Thomas,
>> My current work relates to a context where we want to update a J2EE
application
>> without stopping it.
>Well, you'll certainly have to stop the application at some point. I assume you
mean that you don't want a complete cut-over to the new system: you need a hased
cut-over to assure continuous uptime.
> The general process is to do the following:
> 1. Wean users off some of your production servers. This can usually
> be done by removing those servers from the load balancing or DNS
> rotation.
> 2. Wait for #1 to complete (usually a period of a few hours or even a
> day or so).
> 3. Bring your new servers online, and switch the load balancing or DNS
> rotation completely over to the new servers. Allow your load balancer
> to continue to route "old" sessions to the servers running the old
> version.
> 4. Wait for all sessions to die on the "old" servers.
> 5. Upgrade the remaining servers and reset your load balancer to use
> all servers.
>> As a result we have to separate both, this separation is possible because of
>>the
>> use of the cookie JSESSIONID.
>>
>> I have modified a load balancer (mod_jk) to do this, but when the load
>>balancer
>> receives a HTTP request it can't know whether the session is always available
>> or not (Indeed a session may expire and the cookie bind to it becomes
>>invalid).
>
>> So I want to know if it is possible for an external program to test if a
>>session
>> exists on the Tomcat server? Or what is the name of the structure/object
>> managing Tomcat's cookies in a cluster? Or how does Tomcat make to know if
>> cookie is valid?
> There is at least a cheap way of doing this: make a request to the
> server to some protected URL, and include the session id as a parameter
> instead of a cookie. Something like this:
> http://your.server/protected/url;jsessionid=[SESSIONID]
If you get a challenge for a login, then the session does not exist.
> This doesn't sound like a really good solution, though. Your better bet
> is to use a load balancer that can set an app server affinity and keep
> track of that (usually using a cookie). Then, you blindly forward
> requests to the server to which the session was previously assigned.
> -chris
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org