[Clustering/JBoss] - Potential valid session id overlap?
by jowizzle
I have a concern about a simple load balanced setup: a cisco css/vip that handles www.foo.com, and two independent JBoss AS 4.2.2 instances, node1 and node2. Each JBoss is fronted by Apache httpd and mod_jk. The mod_jks are also independent, i.e., they have no knowledge of one another and do not perform load balancing.
Since these two nodes are independent, they would each independently generate a value for the JSESSIONID cookie. Suppose a user Jim logs in and is directed to node1. Node1 generates "abc". Suppose a user Bob logs in and is directed to node2. Node2 also generates abc. Both sessions remain valid. Upon his next request, if Jim were to be directed to node2, would he assume Bob's session?
If not, why not? If so, how does one set up a similar simple load balancing solution? My applications are not distributable, so I have no need for session replication. I want simple sticky sessions.
Thanks very much for any comments, insight or advice.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4118944#4118944
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4118944
18 years, 3 months
[Clustering/JBoss] - HTTP 408 during form login on load balanced cluster -- cook
by jowizzle
I intermittently receive the following error while attempting a JAAS form login to an application on my cluster:
anonymous wrote :
| HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser.
|
I have a Cisco CSS load balancer that fronts two JBoss AS 4.2.2 nodes. This is not a proper cluster in JBoss terms. The two nodes have no knowledge of one another. The load balancer simply chooses a server (based on IP, not a session cookie) and maintains session affinity.
Here's what I can tell based on my experiences: I access my site at www.foo.com and the css directs me to node 1. I log in and get a JSESSIONID cookie for www.foo.com. I wait some time and, presumably, my session expires. When I attempt to log in again, perhaps I get directed to node2. I am prompted to log in, and after successfully authenticating I receive the 408. Clearing the cookies for the domain and attempting login again seems to solve it. Clearly that's not acceptable to the users.
As a short-term solution, I've disable a node, and there have been no accounts of this error. I have an identically configured test environment where I can attempt to correct this.
Can anyone comment on the situation or the architecture? Any insight is appreciated.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4118937#4118937
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4118937
18 years, 3 months