Hi Mark,

By duplicate session I mean that we get a duplicate session id created by one of the nodes, which then hijacks an existing session, and we have two users with a single session. We thought using JDBC-based sessions would avoid this but that doesn't seem to be the case. It could be how our PersistentManager is set up, see config below, but I'm leaning towards going back to default memory-based sessions and using the cluster tag. We are out of our comfort zone on this and are happy for any advice/experience.

Z.

<Manager className="org.apache.catalina.session.PersistentManager"
         maxIdleBackup="1"
         processExpiresFrequency="1">
    <Store className="org.apache.catalina.session.JDBCStore"
           dataSourceName="jdbc/sessionDB"
           localDataSource="true"
           sessionAppCol="app_name"
           sessionDataCol="session_data"
           sessionIdCol="session_id"
           sessionLastAccessedCol="last_access"
           sessionMaxInactiveCol="max_inactive"
           sessionTable="user_sessions"
           sessionValidCol="valid_session"
           />
</Manager>


On 24/4/2025 7:45 pm, Mark Thomas wrote:
On 24/04/2025 02:02, Zoran Avtarovski wrote:
We have a cluster of tomcat servers on AWS EC2 which operate behind an AWS load balancer with sticky sessions.

We have our session storage on a DB using a JDBC store which for the most part is working well, but we occasionally see duplicate session ids which create issues where a new session with a duplicate session id hijacks an existing session.

What do you mean by a duplicate session?

What causes this situation?

As you can imagine we would like to prevent this from occurring and have been looking into the issue. It looks like using the cluster tag might be the solution but I wanted to tap into the collective wisdom of the group on the best way forward. We can't just add the

<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>

That could be quite a big change.

Mark


tag as it uses IP multicast which doesn't work in EC2 as there is no physical broadcast layer. The alternative appears to be to use the StaticMembershipService and I wanted to confirm if my config ideas are correct? I have the following setup:

<Membership className="org.apache.catalina.tribes.membership.StaticMembershipService">
    <Member className="org.apache.catalina.tribes.membership.StaticMember"
            host="10.0.1.11" port="4004"
            uniqueId="{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}"/>
    <Member className="org.apache.catalina.tribes.membership.StaticMember"
            host="10.0.1.12" port="4004"
            uniqueId="{1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,1}"/>
</Membership>

Does this look right to others and do I need a separate Member tag for each member of the cluster?

I'd appreciate any assistance on this and other suggestions you guys may have.

Z.
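
Added example, not part of the original thread: one way to confirm from request logs when a single session id ends up serving two users, and which node first saw each of them. The log layout (node, ISO timestamp, user, session id) and all sample values are constructed assumptions; Tomcat's AccessLogValve can emit the user and session id with the %u and %S pattern codes.

```python
from collections import defaultdict

# Constructed sample lines. Assumed layout: node, ISO-8601 UTC time, user, session id.
# "-" means no authenticated user or no session on that request.
SAMPLE_LOG = """\
node-a 2025-04-24T02:00:01Z alice 3F2A9C01D4E5
node-a 2025-04-24T02:00:09Z alice 3F2A9C01D4E5
node-b 2025-04-24T02:00:05Z carol 77B0E1AA90C2
node-b 2025-04-24T02:03:40Z bob 3F2A9C01D4E5
node-a 2025-04-24T02:03:55Z alice 3F2A9C01D4E5
node-b 2025-04-24T02:04:10Z - 77B0E1AA90C2
malformed line
"""


def parse(line):
    """Return (timestamp, node, user, session_id), or None for unusable lines."""
    parts = line.split()
    if len(parts) != 4 or parts[3] == "-":
        return None
    node, ts, user, sid = parts
    return ts, node, user, sid


def find_shared_sessions(text):
    """Map each session id used by more than one authenticated user to its details."""
    events = defaultdict(list)
    for line in text.splitlines():
        rec = parse(line)
        if rec is not None:
            ts, node, user, sid = rec
            events[sid].append((ts, node, user))

    findings = {}
    for sid, seen in events.items():
        seen.sort()  # same-format ISO timestamps sort chronologically as strings
        first_seen = {}
        for ts, node, user in seen:
            if user != "-":
                first_seen.setdefault(user, (ts, node))  # earliest hit per user
        if len(first_seen) > 1:  # one id, several users: the reported symptom
            findings[sid] = {
                "users": sorted(first_seen),
                "nodes": sorted({node for _, node, _ in seen}),
                "first_seen": first_seen,
            }
    return findings


if __name__ == "__main__":
    for sid, info in find_shared_sessions(SAMPLE_LOG).items():
        print(sid, info)
```

With sticky sessions, a session id that also appears on more than one node is worth a second look on its own, since it means either a failover or an id that was issued twice.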


