[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-268) emptySessionPathed JSESSIONID.jvmRoute cookies results in requests being improperly sent to mod_cluster workers

emptySessionPathed JSESSIONID.jvmRoute cookies results in requests being improperly sent to mod_cluster workers --------------------------------------------------------------------------------------------------------------- Key: MODCLUSTER-268 URL: https://issues.jboss.org/browse/MODCLUSTER-268 Project: mod_cluster Issue Type: Bug Security Level: Public(Everyone can see) Affects Versions: MOD_CLUSTER_1_0_10_GA_CP01 Environment: JBoss EAP 5.1.1 EWS 1.0.2 MOD_CLUSTER 1.0.10.GA_CP01 Reporter: Aaron Ogburn Assignee: Jean-Frederic Clere Priority: Minor Fix For: MOD_CLUSTER_1_0_10_GA_CP03 Empty session paths can result in requests being sent to mod_cluster workers that shouldn't be. For example, if a request for apache-served static content has an applicable JSESSIONID (either because the path matches the context or its an empty path and matches everything) with a route valve appended to it, then the static content request is directed to the mod_cluster balancer, resulting in 503s and "All workers are in error state". So it looks like the presence of a jsessionid.jvmroute cookie causes apache/mod_cluster to improperly route the request even if its a context not handled by any mod_cluster workers.