Solved: Re: CSM inserted cookie - session or persistant

d-fillmore · ‎08-29-2006

Hi,

I am working on a requirement to load balance http requests to IBM WebSphere Application servers. Each server is configured on the CSM as one real server, but in reality there are several instances of the program running within the server. These instances are fault tolerant, so that if one of them should fail, another instance within the same server can take over and maintain the session. We currently stick clients based on the jsessionid. The problem with this is that if the instance within the server fails and another takes over, it will use a different cookie, and the stickyness is lost. Our requirement is to maintain stickyness to the same real server should an instance of the application fail. We have tried using the HTTP cookie insert feature, but this appears to be a persistant cookie that expires in 2010. We need this to be a session cookie (expires when the client's browser closes). I have seen this URL - http://www.cisco.com/en/US/partner/products/hw/switches/ps708/module_installation_and_configuration_guides_chapter09186a0080463841.html#wp1050708 which states that the CSM-S module will insert a session cookie. I know that the CSM inserts a persistant cookie. Can anyone tell me whether the cookie inserted by the CSM-S module is definitely a session cookie or not. Also, does anyone have any ideas as to how else I can resolve this issue. Many thanks in advance

Gilles Dufour · ‎08-29-2006

The browser itself controls if it wants to keep a copy of the cookie for the session only if it want to save it.

The only thing the server, or CSM, can do is set an expiration date.

You can change the expiration to another static date if you think 2010 is too far away.

This is done with a variable.

Do a 'sho mod csm x var' to see which variable it is.

CSM-S is just a CSM with an on-board SSL module. So they act the same in this matter.

Also, even if it was a "session" cookie, I do not see how it would solve your issue.

If the client comes back with no cookie, it will not be sent to another instance of the same server - it will simply be loadbalanced among all the available servers.

What you would need is more like a cookie shared by all instances of the application on a particular server.

Then the CSM could match on the cookie to select a serverfarm that would only use instances running on this server.

Do you have the possibility to insert a static cookie in your application ?

Gilles.

View solution in original post

Gilles Dufour · ‎08-29-2006

The browser itself controls if it wants to keep a copy of the cookie for the session only if it want to save it.

The only thing the server, or CSM, can do is set an expiration date.

You can change the expiration to another static date if you think 2010 is too far away.

This is done with a variable.

Do a 'sho mod csm x var' to see which variable it is.

CSM-S is just a CSM with an on-board SSL module. So they act the same in this matter.

Also, even if it was a "session" cookie, I do not see how it would solve your issue.

If the client comes back with no cookie, it will not be sent to another instance of the same server - it will simply be loadbalanced among all the available servers.

What you would need is more like a cookie shared by all instances of the application on a particular server.

Then the CSM could match on the cookie to select a serverfarm that would only use instances running on this server.

Do you have the possibility to insert a static cookie in your application ?

Gilles.

d-fillmore · ‎08-30-2006

Hi Gilles, Many Thanks for your response.

After investigating this further, I have read that if the cookie has no expiration date, then it will be deleted when the browser is closed (what I meant by a session cookie). Maybe this could be implemented by setting the cookie expiration date to all zeros on the CSM?

If you agree, would you mind letting me know the syntax to set the this on the CSM?

To clarify the requirement further, we want to use the jsessionid cookie to maintain persistance to the correct instance of the application within the real server, and use the CSM inserted cookie to maintain persistance to the same real server. The idea being that if an instance of the application were to fail, the clients requests would still stick to same real server (by virtue of the CSM cookie) and another instance of the program within the same real server could continue the session.

Thanks for clarifying my point about the CSM & CSM-S

Gilles Dufour · ‎08-30-2006

ok, then you can do this

conf t

mod csm X

variable COOKIE_INSERT_EXPIRATION_DATE ""

I just tested it and it seems to work - the cookie is not saved by the browser and is only being used as long as the browser is alive.

How do you plan to do the matching on the first cookie and then on the 2nd ?

Is the JSESSIONID static or does it have a static portion that is different for each server ?

Gilles.

d-fillmore · ‎08-30-2006

Thanks for that. I'm not sure how we plan to match on the first or the second cookie.

I myself have asked the question as to whether the JSESSIONID has a string in it that is common to each real server, as it would be easier to match a portion of that than to use an additional cookie.

Thank you very much for your help =)