Reputation: 5380
Session Invalidated in JBOSS clustered environment with load balancer and sticky session
We are facing one issue in a Struts application deployed in JBOSS clustered environment with load balancer and sticky session
Issue description
1) This issue happens in a user registration functionality which has 2 pages, register1.do and register2.do page
2) When user clicks on registration url, https://ourwebsite.com/register1.do
Two GET request are made
GET register1.do (Gets 1st registration page and sets few values in session)
GET captcha.do (This loads a captcha image to be shown on register1.do)
3) Sometimes what happens is GET request to register1.do sets a JSESSIONID cookie and the GET request to captcha.do over write JSESSIONID cookie set by first request. This causes problem in 2nd registration page as it fetches some of the values stored in session and as the session is overwritten by captcha no values can be obtained. see below image
4) This scenario does not happen every time, once this issue occurs and if we go back to register1.do page a refresh(F5)/hard refresh (Ctrl + F5) then GET request to captcha.do does not over write JSESSIONID cookie and user registration works fine.
Moreover this happens only in clustered environment, in single JBOSS environment it works fine.
Can anyone please help me to identify what could be possible problem here ?
Why session does not get over written when we do a page refresh ?
Upvotes: 3
Views: 2496
Answers (2)
Reputation: 99
I also experienced the same problem with jboss eap 6.1 and in load balancer i'm going with mod_cluster configuration I changed algorithm from server per session to entry per session and sticky session is working well and good .Go through the following to know about entry per session and server per session.
Entry-per-Session means that the device creates additional client-table entries whenever a source IP opens a new session (unique source port). This gives the unit more accurate tracking of the number of sessions, but it's behavior is to continue sending all the traffic from the client's source IP to the same server.
In Server-per-Session mode, the device tracks the unique source ports the same way, but when the client opens a new session, the device makes a new load-balancing decision for the new session. This way multiple sessions from the same client IP can be 'sprayed' among all the servers rather than being stuck to a single server.
Upvotes: 0
Related Questions
- Resolving Session Fixation in JBoss
- Jboss 5. HttpOnly session cookies
- jboss cluster session replication not working (multiple jsessionid cookies)
- JBoss 7 Load Balancer session replication
- Sticky session not working with multiple apache vhosts and multiple JBoss 7.2 server-groups
- Issue With Jboss Session Management
- Load balancing in JBoss with mod_cluster
- Session management with load balancer in Java EE
- sticky sessions jboss session replication cluster
- JSessionID is overwritten when switching between HTTP and HTTPS. How to solve?