FW: sessionID within URL and loadbalance (was: WAP and sessionIDs)

shai Thu, 16 Nov 2000 15:11:09 -0800

Hi,

This is my fix to all the WAP question going around lately.

I have sent last week interceptor that is doing the same (URLSeessionInterceptor) and you replied that it will be add it to sources after b7.

This is better way to solve the problem of URL embedded sessionIDs and no-cookie browsers (WAP).

Please let me know whether you are going to include that in tomcat 3.2.

(this fix bug #328)

TIA.

--Shai

-----Original Message-----
From: Shai Fultheim (BRM IL)
Sent: Thursday, November 16, 2000 01:03
To: '[EMAIL PROTECTED]'
Cc: 'Craig R. McClanahan'
Subject: sessionID within URL and loadbalance (was: WAP and sessionIDs)
Importance: High

Hi all,

The patch below fix a bug that didn’t let tomcat to run in loadbalance configuration, while having the session managed only in URL.

The mail problem with load balancing is that the jvmRoute param (which is the tomcat name as known from apache side) must be added to the session (ie. Assuming the sessionid was ‘xxx’ it have to be changed to ‘xxx.t1’ assuming that t1 is the name of that tomcat instance).

Now, tomcat handle jvmRoute at his side by adding that parameter to the jsessionid cookie. THIS IS A BUG, since encode URL still use the original sessionID (without the ‘.jvmRoute’).

In order to fix that sessionID must be changed so it contains jvmRoute (assuming we have it). Please see the code fix below.

Please approve this (and merge with the code ASAP), since cellular phones, which use WAP (and does not support cookies) can’t work with loadbalnce configuration of apache+tomcat.

Thanks in advance.

--Shai Fultheim.

________________________

Shai Fultheim

Chief Technology Officer

BRM Seed

E-Mail: [EMAIL PROTECTED]

Mobile: 972-53-866-459

Office: 972-2-5891-459

Index: tomcat/request/SessionInterceptor.java

===================================================================

RCS file: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/request/SessionInterceptor.java,v

retrieving revision 1.24.2.2

diff -u -w -r1.24.2.2 SessionInterceptor.java

--- tomcat/request/SessionInterceptor.java 2000/11/11 02:07:02 1.24.2.2

+++ tomcat/request/SessionInterceptor.java 2000/11/15 22:44:05

@@ -75,6 +75,7 @@

* This implementation only handles Cookies sessions, please extend or

* add new interceptors for other methods.

+ * @author Shai Fultheim [[EMAIL PROTECTED]] Session contains jsIdent

public class SessionInterceptor extends BaseInterceptor

{

@@ -112,8 +113,6 @@

if ((foundAt=uri.indexOf(sig))!=-1){

sessionId=uri.substring(foundAt+sig.length());

- // I hope the optimizer does it's job:-)

- sessionId = fixSessionId( request, sessionId );

// rewrite URL, do I need to do anything more?

request.setRequestURI(uri.substring(0, foundAt));

@@ -126,24 +125,6 @@

return 0;

}

- /** Fix the session id. If the session is not valid return null.

- * It will also clean up the session from load-balancing strings.

- * @return sessionId, or null if not valid

- */

- private String fixSessionId(Request request, String sessionId){

- // GS, We piggyback the JVM id on top of the session cookie

- // Separate them ...

- if( debug>0 ) cm.log(" Orig sessionId " + sessionId );

- if (null != sessionId) {

- int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP);

- if(idex > 0) {

- sessionId = sessionId.substring(0, idex);

- }

- return sessionId;

- }

public int beforeBody( Request rrequest, Response response ) {

String reqSessionId = response.getSessionId();

if( debug>0 ) cm.log("Before Body " + reqSessionId );

@@ -159,11 +140,6 @@

sessionPath = "/";

}

- // GS, piggyback the jvm route on the session id.

- String jvmRoute = rrequest.getJvmRoute();

- if(null != jvmRoute) {

- reqSessionId = reqSessionId + SESSIONID_ROUTE_SEP + jvmRoute;

- }

Cookie cookie = new Cookie("JSESSIONID",

reqSessionId);

Index: tomcat/session/StandardManager.java

===================================================================

RCS file: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardManager.java,v

retrieving revision 1.11

diff -u -w -r1.11 StandardManager.java

--- tomcat/session/StandardManager.java 2000/06/18 20:14:13 1.11

+++ tomcat/session/StandardManager.java 2000/11/15 22:44:06

@@ -1,5 +1,5 @@

- * $Header: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardManager.java,v 1.11 2000/06/18 20:14:13 jon Exp $

+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardManager.java,v 1.11 2000/06/18 20:14:13 jon Exp $

* $Revision: 1.11 $

* $Date: 2000/06/18 20:14:13 $

@@ -102,6 +102,7 @@

* @author Craig R. McClanahan

* @author [EMAIL PROTECTED]

* @author <a href="mailto:[EMAIL PROTECTED]">Jon S. Stevens</a>

+ * @author Shai Fultheim [[EMAIL PROTECTED]] Get jsIdent

* @version $Revision: 1.11 $ $Date: 2000/06/18 20:14:13 $

public final class StandardManager implements Runnable {

@@ -351,7 +352,7 @@

* @exception IllegalStateException if a new session cannot be

* instantiated for any reason

- public HttpSession getNewSession() {

+ public HttpSession getNewSession(String jsIdent) {

if ((maxActiveSessions >= 0) &&

(sessions.size() >= maxActiveSessions))

@@ -375,7 +376,7 @@

session.setValid(true);

session.setCreationTime(System.currentTimeMillis());

session.setMaxInactiveInterval(this.maxInactiveInterval);

- session.setId(SessionUtil.generateSessionId());

+ session.setId(SessionUtil.generateSessionId(jsIdent));

return (session);

}

Index: tomcat/session/StandardSessionInterceptor.java

===================================================================

RCS file: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/session/StandardSessionInterceptor.java,v

retrieving revision 1.5.2.2

diff -u -w -r1.5.2.2 StandardSessionInterceptor.java

--- tomcat/session/StandardSessionInterceptor.java 2000/11/15 04:19:19 1.5.2.2

+++ tomcat/session/StandardSessionInterceptor.java 2000/11/15 22:44:07

@@ -85,7 +85,7 @@

* session stuff ( cookie, rewrite, etc)

* @author [EMAIL PROTECTED]

- * @author [EMAIL PROTECTED] (fixed it so that URL session ID is used)

+ * @author Shai Fultheim [[EMAIL PROTECTED]] Send jsIdent to new getNewSession

public final class StandardSessionInterceptor extends BaseInterceptor {

int manager_note;

@@ -145,7 +145,6 @@

if (cookie.getName().equals("JSESSIONID")) {

sessionId = cookie.getValue();

- sessionId = fixSessionId( request, sessionId );

if (debug > 0) log("Found session id cookie " + sessionId);

request.setRequestedSessionId( sessionId );

request.setSessionIdSource( Request.SESSIONID_FROM_COOKIE );

@@ -174,7 +173,7 @@

if( request.getSession( false ) != null )

return 0; // somebody already set the session

- HttpSession newS=sM.getNewSession();

+ HttpSession newS=sM.getNewSession(request.getJvmRoute());

request.setSession( newS );

return 0;

}

@@ -237,20 +236,6 @@

} catch(IllegalStateException ex ) {

throw new TomcatException( ex );

}

- }

- private String fixSessionId(Request request, String sessionId){

- // GS, We piggyback the JVM id on top of the session cookie

- // Separate them ...

- if( debug>0 ) cm.log(" Orig sessionId " + sessionId );

- if (null != sessionId) {

- int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP);

- if(idex > 0) {

- sessionId = sessionId.substring(0, idex);

- }

- return sessionId;

}

Index: tomcat/util/SessionIdGenerator.java

===================================================================

RCS file: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/util/SessionIdGenerator.java,v

retrieving revision 1.3.2.1

diff -u -w -r1.3.2.1 SessionIdGenerator.java

--- tomcat/util/SessionIdGenerator.java 2000/08/23 20:23:16 1.3.2.1

+++ tomcat/util/SessionIdGenerator.java 2000/11/15 22:44:08

@@ -1,5 +1,5 @@

- * $Header: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/util/SessionIdGenerator.java,v 1.3.2.1 2000/08/23 20:23:16 jiricka Exp $

+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/SessionIdGenerator.java,v 1.3.2.1 2000/08/23 20:23:16 jiricka Exp $

* $Revision: 1.3.2.1 $

* $Date: 2000/08/23 20:23:16 $

@@ -76,6 +76,7 @@

* @author James Duncan Davidson [[EMAIL PROTECTED]]

* @author Jason Hunter [[EMAIL PROTECTED]]

* @author Jon S. Stevens <a href="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</a>

+ * @author Shai Fultheim [[EMAIL PROTECTED]] Get jsIdent

public class SessionIdGenerator {

@@ -172,7 +173,7 @@

return sessionId.toString();

}

- public static synchronized String generateId() {

- return getIdentifier(null);

+ public static synchronized String generateId(String jsIdent) {

+ return getIdentifier(jsIdent);

}

Index: tomcat/util/SessionUtil.java

===================================================================

RCS file: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v

retrieving revision 1.5.2.1

diff -u -w -r1.5.2.1 SessionUtil.java

--- tomcat/util/SessionUtil.java 2000/08/25 23:01:15 1.5.2.1

+++ tomcat/util/SessionUtil.java 2000/11/15 22:44:09

@@ -1,5 +1,5 @@

- * $Header: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v 1.5.2.1 2000/08/25 23:01:15 nacho Exp $

+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v 1.5.2.1 2000/08/25 23:01:15 nacho Exp $

* $Revision: 1.5.2.1 $

* $Date: 2000/08/25 23:01:15 $

@@ -74,6 +74,7 @@

* <code>Session</code> implementations.

* @author Craig R. McClanahan

+ * @author Shai Fultheim [[EMAIL PROTECTED]] Get jsIdent

* @version $Revision: 1.5.2.1 $ $Date: 2000/08/25 23:01:15 $

@@ -175,8 +176,8 @@

/**

* Generate and return a new session identifier.

- public static String generateSessionId() {

- return SessionIdGenerator.generateId();

+ public static String generateSessionId(String jsIdent) {

+ return SessionIdGenerator.generateId(jsIdent);

}

/**

FW: sessionID within URL and loadbalance (was: WAP and sessionIDs)

Reply via email to