RE: mod_rewrite Cookie Flag (max age/timeout and domain)

["Guernsey, Byron (GE Consumer & Industrial)" <BY...@GE.COM>]

 
Surely I'm not the only one who thinks session based (expire when
browser closes) cookies are essential for mod_rewrite's cookie
functionality to be very useful?  No comments?
 
Byron Guernsey
 


  _____  

	From: Guernsey, Byron (GE Consumer & Industrial) 
	Sent: Friday, May 21, 2004 10:39 AM
	To: 'dev@httpd.apache.org'
	Subject: mod_rewrite Cookie Flag (max age/timeout and domain)
	
	
	 
	The CO/cookie flag in mod_rewrite is potentially a very powerful
tool, however as it stands now in 2.0.49, you cannot set session based
cookies (cookies which expire when the browser is closed) and you cannot
set cookies without specifying the domain.
	 
	I had both of these requirements while writing a replacement
load balancing rule set for mod_enhydra_Director since we use an older
version of the Enhydra server for some older applications that does not
support ajp13 and because there is no mod_enhydra_director available for
apache httpd 2.  For those unfamiliar, mod_enhydra_director is much like
mod_jk2, but for the Enhydra application server.  The Enhydra App server
was once open source and has since went to a closed source model.   We
are still using an older version of the open sourced app server.  The
newer versions of the app server support ajp13, but we have no interest
in upgrading as our direction is current moving towards Tomcat.  In the
meantime, we must continue to support a large number of enhydra
applications but wish to move from Apache httpd 1.3 to Apache httpd 2.0.
The set of scripts and rules I've written make this possible by load
balancing to the http port of the app server and maintaining session
affinity.
	 
	In order to make these rules, I had to patch mod_rewrite to
allow for session based cookies.  Now with rewrite rules, 2 rewrite
maps, and an error handler document, I have created a configuration
which allows for session affinity using session cookies and failover
using the error handling document and the perl maps- along with the perl
IPC::Cache to keep a scoreboard for the sessions/workers.  Yes, I know-
the amount of work I've done implementing this could probably have been
spent on an apache module, but it started as an experiment and evolved
into something very functional and useful.  Performance tests show that
it performs very close to the enhydra director module. 
	 
	I submitted an early rendition of this patch for mod_rewrite to
the bugzilla database, but have seen no activity on it and have since
rewritten the patch.  Before the modification, it was impossible to make
the domain or timeout/maxage optional parameters while still specifying
others because of the strtok() and the way it refuses to treat 2 colons
as a null token.  The new patch I've written allows you to fill in a
"null" value in the colon separated parameter list in order to allow the
domain and timeout/age parameters to be optional.  If you specify null
for the timeout, then the cookie is a session based cookie.  It also
allows you to use null for the domain to not specify the domain, meaning
the cookie is active for the current domain.  The existing semantics for
the Cookie parameter continue to work as documented on the httpd 2.0
documentation.
	 
	Forgive me if this isn't the correct place to discuss this.  I'm
hoping that the developers are already considering such a change to this
cookie feature because I know my patch is not the most elegant solution-
however, we have become dependant on this functionality in order to do
session affinity based load balancing.  I'd be more than happy to
participate in a discussion of this and contribute in any way possible. 
	 
	Regards,
	Byron Guernsey
	Senior Software Architect
	GE Consumer & Industrial Products