appsession not working in url (1.3.22, 1.3.24)

From: Michael Rennt <m.rennt#gmx.net>
Date: Fri, 09 Apr 2010 18:04:01 +0200


Hi,

according to http://haproxy.1wt.eu/knownbugs-1.3.html the bug "(M) appsession lookup in URL does not work" is true up to 1.3.14.2.

I'm currently testing the "appsession" feature with 1.3.22, 1.3.24 and 1.4.4.

Only 1.4.4 seems to work the way the documentation suggests, using the following test config:

global

        log /dev/log  daemon debug
        pidfile /var/run/haproxy.pid
        maxconn 8192
        user haproxy
        group haproxy

defaults
        log global
        retries 3
        option  redispatch
        maxconn 8192

frontend my-frontend x.x.x.x:80
        mode http
        log     /dev/log        daemon info
        option  httplog
        option  dontlognull
        option httpclose

        default_backend my-backend

backend my-backend
        mode http
        option httpclose

#balance roundrobin
#balance url_param JSESSIONID check_post
#cookie JSESSIONID prefix
appsession JSESSIONID len 10 timeout 3h request-learn mode query-string server s01 x.x.x.10:80 cookie AAAAAA check inter 5000 weight 22 server s02 x.x.x.20:80 cookie BBBBBB check inter 5000 weight 22

("mode query-string" only used with 1.4.4, "cookie xxxx" are remains from the "cookie" parameter)

My test script is setting a cookie. I call it with http://test/cookie.php?JSESSIONID=xxxxx

Dumping the hash table with 1.4.4 shows a "get_srv_from_appsession" for the appsession in the get string and a "manage_server_side_cookies" for the cookie from the server (at least that's what I guess).

With 1.3.22 and .24 I just get the "manage_server_side_cookies". When I constantly deny the cookie, the requests are round robbed, while with 1.4.4 they are sticky from the first request on, because the url appsession lookup in the url is working.

Will this be fixed in 1.3.x or do you suggest to upgrade to 1.4?

I know about the drawbacks of appsession, i.e. in memory hash lost on reload or failover. Will there be some kind of hash table dump and failover to another system?

Why am I even thinking about using appsession? I'm testing appsession because this seems to be the best way to overcome stickiness problems which might occur with "cookie" + "balance url_param" (see commented out part in the config) on the very first request of a new user. Maybe there's an option to this?
The problem I'm seeing: With "cookie" + "balance url_param" the very first request will be round robbed, if both cookie and url_param are not present. So if a user has cookies disabled, after the first request, the user will click on a link, which includes his session ID as a parameter. So with "balance url_param" the value of the session ID will be hashed and the user might end up on a different server, hence information created locally on the system of the first request will be unavailable. Further requests will be directed to the same system. I know, in a cluster user related data should be kept redundant, but in this case this is not an option.

Best regards,

Michael Received on 2010/04/09 18:04

This archive was generated by hypermail 2.2.0 : 2010/04/09 18:15 CEST