Hi Rainer,

As we discussed recently, using a Tomcat Valve or a Filter to detect invalidated sessions could be a good approach.
Can I have your feeling about such a Tomcat filter:

If the session is invalid (or new):
  - Set the sendRedirect attribute of the HttpResponse to the same value as the current HttpRequest path
  - Invalidate the cookie
  - Send the response

This filter would have to be active on disabled workers.
So when the request is (re)sent by the browser, mod_jk doesn't detect any session information and routes the request to an active worker (so the new application version).
In this way, it will be transparent for the users.

Best wishes,
Anthony

Source code example:
if (started && session.isNew()) {
    // invalidating the jsessionid cookie
    // set a new session cookie
    Cookie newCookie = new Cookie("JSESSIONID", "");
    newCookie.setMaxAge(0);
    String contextPath = ((HttpServletRequest) request)
            .getContextPath();
    if ((contextPath != null) && (contextPath.length() > 0)) {
        newCookie.setPath(contextPath);
    } else {
        newCookie.setPath("/");
    }
    if (request.isSecure()) {
        newCookie.setSecure(true);
    }
    ((HttpServletResponse) response).addCookie(newCookie);
    // set sendRedirect response
    ((HttpServletResponse) response)
            .sendRedirect(((HttpServletRequest) request)
                    .getContextPath()
                    + ((HttpServletRequest) request).getServletPath());
    return;
}


Rainer Jung wrote:
Hi Anthony,

Anthony Vromant wrote:
Here is the explanation about the session validity checking:

This test aims to have users with expired sessions and URL encoded
bookmarks (or long running browsers with cookies cached) redirected to a
node hosting the new version of the application.
If this test is not done during the update, these users will start a new
session on a node hosting the old version of the application (and so,
perhaps just before the stop of these nodes).
Do you agree with this?

Ah OK, yes I agree. You could use a filter (or Valve) to redirect
requests with an invalid session to the login page without URL encoding
and invalidating the cookie. That way you would destroy the invalid
binding to this node.

If we would try to do that with mod_jk directly, mod_jk would need to
have a shadow copy of the session list, something which doesn't sound
right. OK, mod_jk could ask tomcat about the session, but we can also
simply forward and let the node delete the binding.
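
Added example, not part of the original messages and not Tomcat or mod_jk code: a complete filter for the approach discussed above. It assumes the javax.servlet API, the default JSESSIONID cookie name and a hypothetical class name; unlike the posted snippet it tests isRequestedSessionIdValid() instead of creating a session, replays only GET/HEAD, and keeps path info and query string.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (hypothetical class), mapped only on nodes whose worker is disabled.
public class StaleSessionRedirectFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // A session id was presented (cookie or ;jsessionid=) but this node no
        // longer knows it. No new session is created just to run the check.
        boolean stale = req.getRequestedSessionId() != null
                && !req.isRequestedSessionIdValid();
        // Only idempotent requests are replayed; a redirected POST loses its body.
        boolean replayable = "GET".equals(req.getMethod()) || "HEAD".equals(req.getMethod());
        if (!stale || !replayable) {
            chain.doFilter(rq, rs);
            return;
        }

        // Expire the cookie on the same path the container uses for it.
        Cookie expired = new Cookie("JSESSIONID", ""); // assumed default cookie name
        expired.setMaxAge(0);
        String ctx = req.getContextPath();
        expired.setPath(ctx.isEmpty() ? "/" : ctx);
        expired.setSecure(req.isSecure());
        expired.setHttpOnly(true);
        res.addCookie(expired);

        // Rebuild the target from container-parsed parts only: no Host header and
        // no ;jsessionid path parameter, so the redirect stays inside this application.
        StringBuilder target = new StringBuilder(ctx).append(req.getServletPath());
        if (req.getPathInfo() != null) target.append(req.getPathInfo());
        if (req.getQueryString() != null) target.append('?').append(req.getQueryString());
        String location = target.toString();
        // Never emit an empty or scheme-relative ("//host") Location value.
        if (location.isEmpty() || location.startsWith("//")) location = ctx + "/";
        res.sendRedirect(location);
    }
}
```

Because the redirect is sent only when a stale id was actually presented, the follow-up request (now without an id) passes straight through the filter, so no redirect loop occurs if it lands on the same node.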

