users@glassfish.java.net

Re: GlassFish v3, mod_jk and sticky sessions on http & https

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Thu, 25 Feb 2010 09:46:18 -0800

On 02/25/10 12:23 AM, glassfish_at_javadesktop.org wrote:
> So the sessions are maintained when switching to https if there is no load balancing. Are the sessions maintained with mod_jk + glassfish + load balancing for you if there is no switching http <-> https? Trying to determine if the issue is with mod_jk ssl or session/load balancing you have.
>
> I assume you've set up your config as explained in
>
> http://blogs.sun.com/jluehe/entry/supporting_apache_loadbalancer_with_glassfish
>
> "List each GlassFish instance, including the port number of its mod_jk connector, in Apache's workers.properties configuration file. Make sure that the name of each worker equals the value of the jvmRoute system property of the GlassFish instance to which the worker connects. This convention makes it possible for an HTTP session to remain sticky to the GlassFish instance on which the session was created, or on which the session was last resumed. "
>

A few additional things to consider:

1. Is the session established as part of the login (over https), or do
you already have a session established over http prior to the login?

2. Is your LB properly configured to forward any SSL related info to
the backend, so that the backend can determine whether the original
request (between the client and the LB) came in over http or https?

3. The above distinction is important because it affects the "secure"
attribute of the cookie used for session tracking purposes: If the
request that initiated the session came in over http, the cookie will
not be marked as secure, whereas if the request came in over https,
then the cookie will be marked as secure.

4. A cookie marked as secure will not be included with subsequent
non-secure (that is, http) requests.


Jan


> [Message sent by forum member 'amyroh' (amyroh_at_sun.com)]
>
> http://forums.java.net/jive/thread.jspa?messageID=388581
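The cookie behaviour described in points 2 to 4 above, as an added example that is not part of the original thread. It uses Python's standard http.cookiejar as the client model; the hostname, session id and the backend_set_cookie helper are constructed for illustration and are not GlassFish code.

```python
import email
import http.cookiejar
import urllib.request

HOST = "app.example.test"      # constructed hostname
SESSION = "abc123.worker1"     # constructed session id


class FakeResponse:
    """Offline stand-in for an HTTP response; CookieJar only needs info()."""
    def __init__(self, set_cookie):
        self._headers = email.message_from_string("Set-Cookie: %s\n\n" % set_cookie)

    def info(self):
        return self._headers


def backend_set_cookie(scheme_seen_by_backend):
    """Point 3: the backend marks the cookie Secure only if it believes
    the original request came in over https."""
    cookie = "JSESSIONID=%s; Path=/" % SESSION
    if scheme_seen_by_backend == "https":
        cookie += "; Secure"
    return cookie


def cookie_sent(jar, scheme):
    """Return the Cookie header the client would send over this scheme."""
    req = urllib.request.Request("%s://%s/account" % (scheme, HOST))
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def simulate(client_scheme, backend_sees=None):
    """Create a session over client_scheme, then report which later
    requests carry the session cookie. backend_sees models point 2: what
    the backend concludes when the LB does or does not forward SSL info."""
    jar = http.cookiejar.CookieJar()
    first = urllib.request.Request("%s://%s/login" % (client_scheme, HOST))
    header = backend_set_cookie(backend_sees or client_scheme)
    jar.extract_cookies(FakeResponse(header), first)
    return {s: cookie_sent(jar, s) for s in ("http", "https")}


if __name__ == "__main__":
    print("session started over http :", simulate("http"))
    print("session started over https:", simulate("https"))
    print("https at LB, backend sees http:", simulate("https", backend_sees="http"))
```

The second case is the one where the session appears lost after switching back to http; the third shows that a backend unaware of the original https request issues a cookie without the secure attribute.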