[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-461) If Session ID key stored in URL contains sticky session cookie name it it used for routing
Radoslav Husar (JIRA)
issues at jboss.org
Thu Jul 30 08:24:03 EDT 2015
[ https://issues.jboss.org/browse/MODCLUSTER-461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13094213#comment-13094213 ]
Radoslav Husar commented on MODCLUSTER-461:
-------------------------------------------
The problem can be tracked down to original Apache httpd get_path_param function, which makes use of strstr() to locate the path element. This is indeed wrong and violates RFC.
Also tested this for Cookie-s, the wrongly named cookie is not being picked up by get_cookie_param.
This original problem would not have been even noticed, if modcluster first parsed the cookies which is more common way of specifying the jsession id, fixing in opened MODCLUSTER-462.
On related note, the path_param didn't treat colons correctly either, fixing by MODCLUSTER-285.
> If Session ID key stored in URL contains sticky session cookie name it it used for routing
> ------------------------------------------------------------------------------------------
>
> Key: MODCLUSTER-461
> URL: https://issues.jboss.org/browse/MODCLUSTER-461
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Affects Versions: 1.2.9.Final, 1.3.1.Final
> Environment: Using the stock mod_cluster configuration shipped with EWS/JWS and EAP.
> Enterprise Web Server 2.x and 3.x
> JBoss EAP 6.3 and 6.4
> Used Tomcat sample application.
> Reporter: Robert Bost
> Assignee: Radoslav Husar
> Labels: stickysession
>
> If I make a request with a valid JSESSIONID cookie and a URL like below, the value from the URL is used by mod_cluster for sticky session routing:
> {{curl -b "JSESSIONID=OTg+mUVLRceO2bqRIcsSJmlm.4e6189af-0502-3305-8ff3-fad7fee8b516" -v 'http://myserver/sample/hello.jsp;not.really.jsessionid=oops'}}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the mod_cluster-issues
mailing list