You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/03/20 03:39:41 UTC
DO NOT REPLY [Bug 41897] New: - mod_proxy_balancer: configured session identifier is case-sensitive
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41897>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41897
Summary: mod_proxy_balancer: configured session identifier is
case-sensitive
Product: Apache httpd-2
Version: 2.2.4
Platform: All
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: mod_proxy_balancer
AssignedTo: bugs@httpd.apache.org
ReportedBy: Thorsten.Blome@net-m.de
We're using Apaches(2.2.4) mod_proxy and mod_proxy_balancer to loadbalance
Tomcats(5.5) using mod_proxy_ajp, and found a problem getting both cookie-
based and url-rewriting based session-ids to be 'sticky' for
mod_proxy_balancer.
The Servlet Spec(see i.e.:
http://www.jcp.org/aboutJava/communityprocess/final/jsr053/ ), in section 7,
binds Servlet Containers to use an uppercase param 'JSESSIONID' to hold the
sessionid in cookies, but a lowercase 'jsessionid' if using url-rewriting(used
when cookies are disabled). And thats exactly what the Tomcats do.
Now, if we have defined stickysession to be 'JSESSIONID' in the ProxyPass
directive, i.e. like this:
ProxyPass /me/pub/ balancer://ME-Test/me/pub/ stickysession=JSESSIONID
we observe the stickysession feature to work with cookies, but not with url-
rewriting.
If we define stickysession to use the lowercase variant, like this:
ProxyPass /me/pub/ balancer://ME-Test/me/pub/ stickysession=jsessionid
it's just the other way round: url-rewriting is working, but cookies are not.
mod_proxy_balancer uses the value stickysession is set to in a case-sensitive
way for both cookie-based and url-based session-ids, thus being unable to cope
with the different cases of 'jsessionid' defined as mandatory by the Servlet
Spec. This can be seen in the mod_proxy_balancer.c source in get_path_param()
and get_cookie_param().
What we did to circumvent the problem was to patch mod_proxy_balancer.c like
this:
--------------------------
--- mod_proxy_balancer.c.ORIG 2005-11-10 16:20:05.000000000 +0100
+++ mod_proxy_balancer.c 2006-01-31 18:03:56.000000000 +0100
@@ -111,9 +111,17 @@
const char *name)
{
char *path = NULL;
+ char *session_id = NULL;
+ int i;
+ session_id= apr_pstrdup(pool, name);
+ /* Change 'JSESSIONID' to 'jsessionid' to match the value in the url */
+ if (isupper(name[0])) {
+ for (i=0;i<=strlen(session_id);i++)
+ session_id[i] = tolower(session_id[i]);
+ }
- for (path = strstr(url, name); path; path = strstr(path + 1, name)) {
- path += (strlen(name) + 1);
+ for (path = strstr(url, session_id); path; path = strstr(path + 1,
session_id)) {
+ path += strlen(session_id);
if (*path == '=') {
/*
* Session path was found, get it's value
--------------------------
(found here: http://mail-archives.apache.org/mod_mbox/httpd-users/200603.mbox/%
3c9B4E37DCB8D57D408FF960B536F0E5274330E6@ms01012.avinci.de%3e )
Although that fixed the problem for us, I do not request to apply exactly this
patch to the mod_proxy_balancer.c source(because it's rude in a way that it
only looks for the lowercase identifier in the URL if an uppercase one is
configured), but I think mod_proxy_balancer.c has to be changed so that either:
- it is handling the stickysession identifier in an overall case-insensitive
way, or at least
- it could additionally look for the lowercase variant in get_path_param(), if
an uppercase one is configured and not found in the URL
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 41897] - mod_proxy_balancer: configured session identifier is case-sensitive
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41897>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41897
------- Additional Comments From jfclere@gmail.com 2007-07-09 07:00 -------
Created an attachment (id=20480)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=20480&action=view)
patch for the httpd-2.2.x
Patch for the 2.2.x branch.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 41897] - mod_proxy_balancer: configured session identifier is case-sensitive
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41897>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41897
------- Additional Comments From jfclere@gmail.com 2007-06-25 07:47 -------
After thinking to it the best way seems to allow 2 parameters separated with a |
Like:
ProxyPass balancer://mycluster/myapp stickysession=JESSSIONID|jsessionid
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org