如何将没有cookie的2个后续请求分发到同一个JBoss节点? [英] How to dispatch 2 subsequent requests without a cookie to the same JBoss node?
问题描述
如何从同一个客户端向同一个 JBoss
节点发送没有cookie的2个后续请求?
How to dispatch 2 subsequent requests without a cookie from the same client to the same JBoss
node?
我有一个多节点设置 Apache
, JBoss7
(负载平衡
,粘性会话
和 SSO
)和 Tomcat
。以下是场景:
I have a multi-node setup with Apache
, JBoss7
(with load balancing
, sticky session
and SSO
) and Tomcat
. Here is the scenario:
- 用户在浏览器上输入 https:/// myapp b $ b
- 负载平衡器将其分发到 myapp.ear 文件上的
。 - 由于尚未进行身份验证, myapp 会加载未受保护的
client_redirect.jsp
资源,JSESSIONID
并返回到客户端。 HTTP响应具有头Set-Cookie:JSESSIONID = 1234_ .node1; Path = / myapp
- 浏览器中加载了下面的空页面*
onload
事件处理程序会将网址更改为 https:/// home /?app = myapp ,并发送另一个请求。不过, IT不包含JSESSIONID Cookie - 服务器接收到第二个请求,由于循环策略,将其分派到 node2 > main.ear 文件
- 主加载未受保护的
login.jsp
资源创建另一个JSESSIONID
并返回到客户端。 HTTP响应具有SET-COOKIE头Set-Cookie:JSESSIONID = 5678_.node2; Path = /
- 登录页面已加载,但现在我们在浏览器上有2个JSESSIONID COOKIES,指向不同的节点当我们重定向到
https://< ip> / myapp
时,会导致登录后出现SSO
/ li>
- User enters https:///myapp on the browser
- Load balancer dispatches it to node1, on the myapp.ear file.
- Since there is no authentication yet, myapp loads the unprotected
client_redirect.jsp
resource, which creates aJSESSIONID
and returns to the client. The HTTP Response has the headerSet-Cookie:JSESSIONID=1234_.node1; Path=/myapp
- The "empty" page below* is loaded on the browser; the
onload
event handler changes the URL to https:///home/?app=myapp and another request is sent. HOWEVER, IT DOES NOT CONTAIN THE JSESSIONID cookie - server receives the 2nd request and, due to round-robin policy, dispatches it to node2, on main.ear file
- main loads the unprotected
login.jsp
resource, which creates anotherJSESSIONID
and returns to the client. The HTTP Response has the SET-COOKIE header asSet-Cookie:JSESSIONID=5678_.node2; Path=/
- Login page is loaded, but now we have 2 JSESSIONID COOKIES on the browser, pointing to different nodes, which will lead to
SSO
issues after login, when we redirect tohttps://<ip>/myapp
again
*空client_redirect页面:
* "Empty" client_redirect page:
<html>
<script type="text/javascript">
window.onload = function() {
window.location.replace('../../home/?app=myapp');
}
</script>
</html>
推荐答案
这里是朋友建议的解决方案:
Here is the solution a friend suggested:
我们不需要2 JSESSIONID
cookie,所以我们不应该在第一位创建它们。 myapp 应如下设置 web.xml
文件,因此主和 myapp 可以共享同一个会话。
We don't need 2 JSESSIONID
cookies, so we shouldn't create them in the 1st place. myapp should setup the web.xml
file as follow, so both main and myapp can share the same session.
<session-config>
<cookie-config>
<path>/</path>
</cookie-config>
</session-config>
相关链接:
- Session cookie path in JBoss 6
- Sharing session data between contexts in Tomcat
这篇关于如何将没有cookie的2个后续请求分发到同一个JBoss节点?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!