We're using Apaches(2.2.4) mod_proxy and mod_proxy_balancer to loadbalance Tomcats(5.5) using mod_proxy_ajp, and found a problem getting both cookie- based and url-rewriting based session-ids to be 'sticky' for mod_proxy_balancer. The Servlet Spec(see i.e.: http://www.jcp.org/aboutJava/communityprocess/final/jsr053/ ), in section 7, binds Servlet Containers to use an uppercase param 'JSESSIONID' to hold the sessionid in cookies, but a lowercase 'jsessionid' if using url-rewriting(used when cookies are disabled). And thats exactly what the Tomcats do. Now, if we have defined stickysession to be 'JSESSIONID' in the ProxyPass directive, i.e. like this: ProxyPass /me/pub/ balancer://ME-Test/me/pub/ stickysession=JSESSIONID we observe the stickysession feature to work with cookies, but not with url- rewriting. If we define stickysession to use the lowercase variant, like this: ProxyPass /me/pub/ balancer://ME-Test/me/pub/ stickysession=jsessionid it's just the other way round: url-rewriting is working, but cookies are not. mod_proxy_balancer uses the value stickysession is set to in a case-sensitive way for both cookie-based and url-based session-ids, thus being unable to cope with the different cases of 'jsessionid' defined as mandatory by the Servlet Spec. This can be seen in the mod_proxy_balancer.c source in get_path_param() and get_cookie_param(). What we did to circumvent the problem was to patch mod_proxy_balancer.c like this: -------------------------- --- mod_proxy_balancer.c.ORIG 2005-11-10 16:20:05.000000000 +0100 +++ mod_proxy_balancer.c 2006-01-31 18:03:56.000000000 +0100 @@ -111,9 +111,17 @@ const char *name) { char *path = NULL; + char *session_id = NULL; + int i; + session_id= apr_pstrdup(pool, name); + /* Change 'JSESSIONID' to 'jsessionid' to match the value in the url */ + if (isupper(name[0])) { + for (i=0;i<=strlen(session_id);i++) + session_id[i] = tolower(session_id[i]); + } - for (path = strstr(url, name); path; path = strstr(path + 1, name)) { - path += (strlen(name) + 1); + for (path = strstr(url, session_id); path; path = strstr(path + 1, session_id)) { + path += strlen(session_id); if (*path == '=') { /* * Session path was found, get it's value -------------------------- (found here: http://mail-archives.apache.org/mod_mbox/httpd-users/200603.mbox/% 3c9B4E37DCB8D57D408FF960B536F0E5274330E6@ms01012.avinci.de%3e ) Although that fixed the problem for us, I do not request to apply exactly this patch to the mod_proxy_balancer.c source(because it's rude in a way that it only looks for the lowercase identifier in the URL if an uppercase one is configured), but I think mod_proxy_balancer.c has to be changed so that either: - it is handling the stickysession identifier in an overall case-insensitive way, or at least - it could additionally look for the lowercase variant in get_path_param(), if an uppercase one is configured and not found in the URL
After thinking to it the best way seems to allow 2 parameters separated with a | Like: ProxyPass balancer://mycluster/myapp stickysession=JESSSIONID|jsessionid
Created attachment 20480 [details] patch for the httpd-2.2.x Patch for the 2.2.x branch.
This was committed to trunk in this series of patches: http://svn.apache.org/viewvc?view=rev&rev=550519 http://svn.apache.org/viewvc?view=rev&rev=551099 http://svn.apache.org/viewvc?view=rev&rev=551126 http://svn.apache.org/viewvc?view=rev&rev=551935 http://svn.apache.org/viewvc?view=rev&rev=554892 and backported to 2.2.x here: http://svn.apache.org/viewvc?view=rev&rev=557993