Re: FW: sessionID within URL and loadbalance (was: WAP and sessionIDs)

[Craig R. McClanahan]

Shai, Your suggested bugfix is in my stack of changes that I'm going through at the moment.  I don't expect to run into any problems with it, and plan to incorporate it into post-beta7.  I will definitely let you know if I have any questions. Thanks for submitting the patch! Craig   [EMAIL PROTECTED] wrote: Hi, This is my fix to all the WAP question going around lately. I have sent last week interceptor that is doing the same (URLSeessionInterceptor) and you replied that it will be add it to sources after b7. This is better way to solve the problem of URL embedded sessionIDs and no-cookie browsers (WAP). Please let me know whether you are going to include that in tomcat 3.2. (this fix bug #328) TIA. --Shai -----Original Message----- From: Shai Fultheim (BRM IL) Sent: Thursday, November 16, 2000 01:03 To: '[EMAIL PROTECTED]' Cc: 'Craig R. McClanahan' Subject: sessionID within URL and loadbalance (was: WAP and sessionIDs) Importance: High Hi all, The patch below fix a bug that didn’t let tomcat to run in loadbalance configuration, while having the session managed only in URL. The mail problem with load balancing is that the jvmRoute param (which is the tomcat name as known from apache side) must be added to the session (ie. Assuming the sessionid was ‘xxx’ it have to be changed to ‘xxx.t1’ assuming that t1 is the name of that tomcat instance). Now, tomcat handle jvmRoute at his side by adding that parameter to the jsessionid cookie. THIS IS A BUG, since encode URL still use the original sessionID (without the ‘.jvmRoute’). In order to fix that sessionID must be changed so it contains jvmRoute (assuming we have it). Please see the code fix below. Please approve this (and merge with the code ASAP), since cellular phones, which use WAP (and does not support cookies) can’t work with loadbalnce configuration of apache+tomcat. Thanks in advance. --Shai Fultheim. ________________________ Shai Fultheim Chief Technology Officer BRM Seed E-Mail: [EMAIL PROTECTED] Mobile: 972-53-866-459 Office: 972-2-5891-459 Index: tomcat/request/SessionInterceptor.java =================================================================== RCS file: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/request/SessionInterceptor.java,v retrieving revision 1.24.2.2 diff -u -w -r1.24.2.2 SessionInterceptor.java --- tomcat/request/SessionInterceptor.java2000/11/11 02:07:021.24.2.2 +++ tomcat/request/SessionInterceptor.java2000/11/15 22:44:05 @@ -75,6 +75,7 @@ * This implementation only handles Cookies sessions, please extend or * add new interceptors for other methods. * + * @author Shai Fultheim [[EMAIL PROTECTED]]Session contains jsIdent */ public class SessionInterceptor extendsBaseInterceptor { @@ -112,8 +113,6 @@ if ((foundAt=uri.indexOf(sig))!=-1){ sessionId=uri.substring(foundAt+sig.length()); -// I hope the optimizer does it's job:-) -sessionId = fixSessionId( request, sessionId ); // rewrite URL, do I need to do anything more? request.setRequestURI(uri.substring(0, foundAt)); @@ -126,24 +125,6 @@ return 0; } -/** Fix the session id. If the session is not valid return null. -*It will also clean up the session from load-balancing strings. -* @return sessionId, or null if not valid -*/ -private String fixSessionId(Request request, String sessionId){ -// GS, We piggyback the JVM id on top of the session cookie -// Separate them ... - -if( debug>0 ) cm.log(" Orig sessionId" + sessionId ); -if (null != sessionId) { -int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP); -if(idex > 0) { -sessionId = sessionId.substring(0, idex); -} -} -return sessionId; -} - public int beforeBody( Request rrequest, Response response ) { String reqSessionId = response.getSessionId(); if( debug>0 ) cm.log("Before Body " + reqSessionId ); @@ -159,11 +140,6 @@ sessionPath = "/"; } -// GS, piggyback the jvm route on the session id. -String jvmRoute = rrequest.getJvmRoute(); -if(null != jvmRoute) { -reqSessionId = reqSessionId + SESSIONID_ROUTE_SEP + jvmRoute; -} Cookie cookie = new Cookie("JSESSIONID", reqSessionId); Index: tomcat/session/StandardManager.java =================================================================== RCS file: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardManager.java,v retrieving revision 1.11 diff -u -w -r1.11 StandardManager.java --- tomcat/session/StandardManager.java2000/06/18 20:14:131.11 +++ tomcat/session/StandardManager.java2000/11/15 22:44:06 @@ -1,5 +1,5 @@ /* - * $Header: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardManager.java,v 1.11 2000/06/18 20:14:13 jon Exp $ + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardManager.java,v 1.11 2000/06/18 20:14:13 jon Exp $ * $Revision: 1.11 $ * $Date: 2000/06/18 20:14:13 $ * @@ -102,6 +102,7 @@ * @author Craig R. McClanahan * @author [EMAIL PROTECTED] * @author <a href="mailto:[EMAIL PROTECTED]">Jon S. Stevens</a> + * @author Shai Fultheim [[EMAIL PROTECTED]]Get jsIdent * @version $Revision: 1.11 $ $Date: 2000/06/18 20:14:13 $ */ public final class StandardManager implements Runnable{ @@ -351,7 +352,7 @@ * @exception IllegalStateException if a new session cannot be *instantiated for any reason */ -public HttpSession getNewSession() { +public HttpSession getNewSession(String jsIdent) { if ((maxActiveSessions >= 0) && (sessions.size() >= maxActiveSessions)) @@ -375,7 +376,7 @@ session.setValid(true); session.setCreationTime(System.currentTimeMillis()); session.setMaxInactiveInterval(this.maxInactiveInterval); -session.setId(SessionUtil.generateSessionId()); +session.setId(SessionUtil.generateSessionId(jsIdent)); return (session); } Index: tomcat/session/StandardSessionInterceptor.java =================================================================== RCS file: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/session/StandardSessionInterceptor.java,v retrieving revision 1.5.2.2 diff -u -w -r1.5.2.2 StandardSessionInterceptor.java --- tomcat/session/StandardSessionInterceptor.java2000/11/15 04:19:191.5.2.2 +++ tomcat/session/StandardSessionInterceptor.java2000/11/15 22:44:07 @@ -85,7 +85,7 @@ * session stuff ( cookie, rewrite, etc) * * @author [EMAIL PROTECTED] - * @author [EMAIL PROTECTED] (fixed it so that URL session ID is used) + * @author Shai Fultheim [[EMAIL PROTECTED]]Send jsIdent to new getNewSession */ public final class StandardSessionInterceptorextends BaseInterceptor { int manager_note; @@ -145,7 +145,6 @@ if (cookie.getName().equals("JSESSIONID")) { sessionId = cookie.getValue(); -sessionId = fixSessionId( request, sessionId ); if (debug > 0) log("Found session id cookie " + sessionId); request.setRequestedSessionId( sessionId ); request.setSessionIdSource( Request.SESSIONID_FROM_COOKIE ); @@ -174,7 +173,7 @@ if( request.getSession( false ) != null ) return 0; // somebody already set the session -HttpSession newS=sM.getNewSession(); +HttpSession newS=sM.getNewSession(request.getJvmRoute()); request.setSession( newS ); return 0; } @@ -237,20 +236,6 @@ } catch(IllegalStateException ex ) { throw new TomcatException( ex ); } -} - -private String fixSessionId(Request request, String sessionId){ -// GS, We piggyback the JVM id on top of the session cookie -// Separate them ... - -if( debug>0 ) cm.log(" Orig sessionId" + sessionId ); -if (null != sessionId) { -int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP); -if(idex > 0) { -sessionId = sessionId.substring(0, idex); -} -} -return sessionId; } } Index: tomcat/util/SessionIdGenerator.java =================================================================== RCS file: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/util/SessionIdGenerator.java,v retrieving revision 1.3.2.1 diff -u -w -r1.3.2.1 SessionIdGenerator.java --- tomcat/util/SessionIdGenerator.java2000/08/23 20:23:161.3.2.1 +++ tomcat/util/SessionIdGenerator.java2000/11/15 22:44:08 @@ -1,5 +1,5 @@ /* - * $Header: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/util/SessionIdGenerator.java,v 1.3.2.1 2000/08/23 20:23:16 jiricka Exp $ + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/SessionIdGenerator.java,v 1.3.2.1 2000/08/23 20:23:16 jiricka Exp $ * $Revision: 1.3.2.1 $ * $Date: 2000/08/23 20:23:16 $ * @@ -76,6 +76,7 @@ * @author James Duncan Davidson [[EMAIL PROTECTED]] * @author Jason Hunter [[EMAIL PROTECTED]] * @author Jon S. Stevens <a href="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</a> + * @author Shai Fultheim [[EMAIL PROTECTED]]Get jsIdent */ public class SessionIdGenerator { @@ -172,7 +173,7 @@ return sessionId.toString(); } -public static synchronized String generateId() { -return getIdentifier(null); +public static synchronized String generateId(String jsIdent) { +return getIdentifier(jsIdent); } } Index: tomcat/util/SessionUtil.java =================================================================== RCS file: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v retrieving revision 1.5.2.1 diff -u -w -r1.5.2.1 SessionUtil.java --- tomcat/util/SessionUtil.java2000/08/25 23:01:151.5.2.1 +++ tomcat/util/SessionUtil.java2000/11/15 22:44:09 @@ -1,5 +1,5 @@ /* - * $Header: /home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v 1.5.2.1 2000/08/25 23:01:15 nacho Exp $ + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v 1.5.2.1 2000/08/25 23:01:15 nacho Exp $ * $Revision: 1.5.2.1 $ * $Date: 2000/08/25 23:01:15 $ * @@ -74,6 +74,7 @@ * <code>Session</code> implementations. * * @author Craig R. McClanahan + * @author Shai Fultheim [[EMAIL PROTECTED]]Get jsIdent * @version $Revision: 1.5.2.1 $ $Date: 2000/08/25 23:01:15 $ */ @@ -175,8 +176,8 @@ /** * Generate and return a new session identifier. */ -public static String generateSessionId() { -return SessionIdGenerator.generateId(); +public static String generateSessionId(String jsIdent) { +return SessionIdGenerator.generateId(jsIdent); } /**