IBM

10.7 Session affinity

The Servlet 2.4 specification requires that an HTTP session be:

- Accessible only to the Web application that created the session

The session ID, but not the session data, can be shared across Web applications.

- Handled by a single JVM for that application at any one time

In a clustered environment, any HTTP requests associated with an HTTP session must be routed to the same Web application in the same JVM. This ensures that all of the HTTP requests are processed with a consistent view of the user's HTTP session. The exception to this rule is when the cluster member fails or has to be shut down.

WebSphere is able to assure that session affinity is maintained in the following way: Each server ID is appended to the session ID. When an HTTP session is created, its ID is passed back to the browser as part of a cookie or URL encoding. When the browser makes further requests, the cookie or URL encoding will be sent back to the Web server. The Web server plug-in examines the HTTP session ID in the cookie or URL encoding, extracts the unique ID of the cluster member handling the session, and forwards the request.

This can be seen in Figure 10-6, where the session ID from the HTTP header, request.getHeader("Cookie"), is displayed along with the session ID from session.getId(). The appserver ID is appended to the session ID from the HTTP header. The first four characters of HTTP header session ID are the cache identifier that determines the validity of cache entries.

Figure 10-6 Session ID containing the server ID and cache ID

The JSESSIONID cookie can be divided into four parts: cache ID, session ID, separator, clone ID, and partition ID (new in V6). JSESSION ID will include a partition ID instead of a clone ID when memory-to-memory replication in peer-to-peer mode is selected. Typically, the partition ID is a long numeric number.

Table 10-1 shows their mappings based on the example in Figure 10-6. A clone ID is an ID of a cluster member.

Table 10-1 Cookie mapping

content value in the example
Cache ID 0000
Session ID SHOQmBQ8EokAQtzl_HYdxIt
separator :
Clone ID vuel491u

The appserver ID can be seen in the Web server plug-in configuration file, plug-in-cfg.xml file.

Example 10-4 Server ID from plugin-cfg.xml file 

<?xml version="1.0" encoding="ISO-8859-1"?><!--HTTP server plugin config file for the cell amsterdamCell generated on 2004.10.15 at 07:21:03 PM BST-->
<Config>
......
   <ServerCluster Name="MyCluster">
      <Server CloneID="vuel491u" LoadBalanceWeight="2" Name="NodeA_server1">
        <Transport Hostname="wan" Port="9080" Protocol="http"/>
        <Transport Hostname="wan" Port="9443" Protocol="https">
    ......
</Config>

Session affinity can still be broken if the cluster member handling the request fails. To avoid losing session data, use persistent session management. In persistent sessions mode, cache ID and server ID will change in the cookie when there is a failover or when the session is read from the persistent store, so do not rely on the value of the session cookie remaining the same for a given session.

Redbooks ibm.com/redbooks

Next