You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Ferez <f....@dotin.ir> on 2017/04/03 09:07:35 UTC

Re: Side effects of ignoring JSESSIONID in a multi-threaded application

On 3/18/2017 9:59 PM, Oleg Kalnichevski wrote:
> On Sat, 2017-03-18 at 14:58 +0000, Farzad Mahdikhani wrote:
>> I am using a CloseableHttpClient which uses a
>> PoolingHttpClientConnectionManager in a web application, I mean a
>> multi-threaded application with different users, in a state-less way
>> or request-response way. The server at the other hand, a load
>> balancer in front of 10 servers which I dont have control over it,
>> sends a JSESSIONID in response. Now, the problem is that the
>> JSESSIONID sent by the server is kept by HttpClient and used at the
>> future requests. When this happens, the load balancer redirects every
>> request to the first server, i.e., the creator of the session id
>> which is not appropriate for me and I want other servers to be used
>> by the load balancer for other requests (balance the load among the
>> servers).
>>
>> I could ignore JSESSIONID sent in response by disabling cookies using
>> setCookieSpec(CookieSpecs.IGNORE_COOKIES) when creating RequestConfig
>> object but I dont know the side effects of this. Actually I am
>> afraid of messing responses for the requests in different threads of
>> application when ignoring JSESSIONID. In other words, is it
>> guaranteed that when I execute for example
>> httpclient.execute(httpPost, responseHandler) in a thread, the
>> response is returned to that thread/user?
>>
>
> Yes, it is.
>
>> I am using HttpClient 4.5.2 and as I mentioned above I dont need
>> JSESSIONID sent by the server as I want a state-less request-response
>> behavior here.
>>
>
> You could consider creating a custom filter that automatically drops
> JSESSIONID cookie header or evicts JSESSIONID cookie from the cookie
> store.
>
> Oleg
>

Thank you very much Oleg but two points.

First, I couldn't find how to create request filter or response filter 
and add them to request or response for HttpClient by googling. Is there 
any documentation on this?

Second, why not use setCookieSpec(CookieSpecs.IGNORE_COOKIES) to ignore 
the cookies? Is it because we want to omit the JSESSIONID cookie and not 
the other cookies (which is completely reasonable)?

Ferez

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org