http://randomcoder.com/articles/jsessionid-considered-harmful
On Thu, Apr 1, 2010 at 7:39 AM, Andrew Bruno <andrew.br...@gmail.com> wrote: > Thanks for the pointers to the jMeter AJP client and also the URL session & > jvm route idea. > > If I used the jSession idea, I am assuiming I could filter apache on "." + > jvmRoute ... right? and redirect to relevant AJP/Tomcat. > > > > On Thu, Apr 1, 2010 at 1:11 AM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Andrew, >> >> On 3/31/2010 3:02 AM, Andrew Bruno wrote: >> > I would like to split the web app up, so that the front end server has >> > smarts to know which backend tomcat server to redirect to. >> > >> > As far as I know, Apache AJP can be configured to redirect to different >> > tomcat backend servers by implementing rules, ideally URL based. But >> for >> > me, the URL is always the same. >> > >> > So, I was wondering if there was a way to code an AJP client inside a >> front >> > end tomcat server, so that I could redirect to whatever backend server >> the >> > business rules decided. >> >> You can force Apache httpd to direct a request to a particular backend >> Tomcat server by putting a specially-crafted jsessionid into the URL. If >> you don't use cookies to track the session for these requests, you >> should be able to create a URL like this: >> >> URL + ";jsessionid=" + sessionId + "." + jvmRoute + "?" + queryString >> >> Would something like this work for you? >> >> - -chris >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.10 (MingW32) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >> >> iEYEARECAAYFAkuzV/kACgkQ9CaO5/Lv0PBfPQCgutR+7yGVAYI3MbKkMM1u5Rlp >> KzUAnjojlVj4Z6rJinYPVvQ1OV4590Ar >> =qOiH >> -----END PGP SIGNATURE----- >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >
