cookie-less sessions

From: Hank A. Paulson <hap#spamproof.nospammail.net>
Date: Fri, 05 Aug 2011 14:13:54 -0700


I am going around again about cookie-less sessions and just want to double check that nothing works for them :)

In 1.5 there is the stick on url param option, but afaict this and everything else won't work in a situation where you have two things: 1 - clients that don't support cookies.
2 - servers that don't share session info.

The problem is a user goes to a server via round robin or some other algo, they arrive at server 3. Server #3 creates session X and redirs (somehow) that user to a page with a url param with jsid=X. The user goes to that url, but haproxy has no way to remember which server served that session and gave it the session id of X, so it decides to send the request to server #5, of course server #5 has no idea about session X and creates session Y and replies with a url param of jsid=Y.

I have this "working" on 1.4 with appsession hashing, only because haproxy spins the user through several sessions (as described above) until one of them finally hashes to go to the same server as the previous session id, then it sticks - for a while and then when there is a long url param before the session id it switches, not sure why yet. Not perfect but better than hash by source since the bulk of the traffic is coming from a single ip proxy upstream and causes one server to be massively overloaded.

Thanks for any ideas or confirmation that this is not solvable. Received on 2011/08/05 23:13

This archive was generated by hypermail 2.2.0 : 2011/08/05 23:30 CEST