为每个请求生成新的会话ID [英] New session ID generated for each request

问题描述

问题摘要:

为我的应用程序中的每个请求生成新的会话ID，但仅在Google Cloud Container Engine基础结构中生成.

根本原因:

我找到了问题的根本原因.为Ingress设置的会话相似性无法正常运行.创建方法如下:

1. 我正在创建具有2个副本的部署(带有servlet的基本Java应用程序)
2. 我正在按此处中所述创建NodePort服务. (但使用YAML)
3. 我正在使用YAML创建Ingress控制器
4. 我正在通过Google Cloud Console向Ingress添加基于cookie的会话亲和力

这是在浏览器中刷新页面时得到的信息(POD名称添加在"[]"内):

[app-deployment-428779295-3xq7f] Session created: node01peqkxiewv08i1hkh0zonc8fmw0
[app-deployment-428779295-lp1r2] Session created: node017hf0svs0n6u816virgk4qkxk40
[app-deployment-428779295-3xq7f] Session created: node030t1v2oamg3p1x3tw55m2tdno1
[app-deployment-428779295-3xq7f] Session exists: node030t1v2oamg3p1x3tw55m2tdno1
[app-deployment-428779295-lp1r2] Session created: node0drzofij3ljx1tgn2z3dcj12y1
[app-deployment-428779295-lp1r2] Session exists: node0drzofij3ljx1tgn2z3dcj12y1
[app-deployment-428779295-lp1r2] Session exists: node0drzofij3ljx1tgn2z3dcj12y1
[app-deployment-428779295-3xq7f] Session created: node01wlgfm248y7f3fagzuu3thga82
[app-deployment-428779295-lp1r2] Session created: node0qiqpch5b1u4g1lvbphkj3djqh2
[app-deployment-428779295-lp1r2] Session exists: node0qiqpch5b1u4g1lvbphkj3djqh2
[app-deployment-428779295-lp1r2] Session exists: node0qiqpch5b1u4g1lvbphkj3djqh2
[app-deployment-428779295-3xq7f] Session created: node01gfdfatrj0premffkwywc5ori3

问题是-如何解决?

原始问题描述:

• Spring MVC应用程序(也已在具有相同结果的简单servlet上进行了测试，因此并非如此)
• 在码头9.4.6 docker映像上运行(默认配置；在tomcat 8.5.15 docker映像上也发生)
• 应用程序部署为ROOT.war
• 应用程序通过Ingress负载平衡，HTTPS和基于cookie的会话亲和力部署在2个节点(2个POD)上.
• 设置显式cookie域和路径无济于事.
• 由应用程序管理的其他Cookie可以正常工作

当我从jetty-maven-plugin或本地从docker映像运行它时，不会发生此问题.

还有其他人遇到这样的问题吗?

解决方案

目前，我仅保留1个副本并设置了sessionAffinity: None(默认设置)即可解决问题，但这对可伸缩应用程序无济于事. /p>

我想到的第一个解决方案是制作一个Redis pod，并在spring应用程序中将其配置为会话持有人，然后离开sessionAffinity: None，因为我没有将安全上下文保存在pod内存中，而是将其保留在我的Redis数据库中，因此，哪个spring应用程序pod将处理该请求无关紧要，因为它可以通过查询Redis数据库来识别会话.这样，您将不会受到部署基础结构的限制.您可以查看此指南

第二种解决方案是通过将OAuth2实现与授权服务器一起使用来配置无会话复制，并将您的spring应用程序配置为客户端，但这已经是一个更复杂的解决方案，并且需要更多工作.

Problem summary:

New session ID is generated for each request in my application, but only within Google Cloud Container Engine infrastructure.

Root cause:

I found the root cause of the problem. The session affinity set for Ingress does not work as I expected. Here is how it's created:

1. I'm creating deployment with 2 replicas (basic java application with servlets)
2. I'm creating NodePort service as described here (but using YAML)
3. I'm creating Ingress controler using YAML
4. I'm adding a cookie based session affinity to Ingress via Google Cloud Console

And here is what I get when I'm refreshing the page in a browser (POD name is added inside "[]"):

[app-deployment-428779295-3xq7f] Session created: node01peqkxiewv08i1hkh0zonc8fmw0
[app-deployment-428779295-lp1r2] Session created: node017hf0svs0n6u816virgk4qkxk40
[app-deployment-428779295-3xq7f] Session created: node030t1v2oamg3p1x3tw55m2tdno1
[app-deployment-428779295-3xq7f] Session exists: node030t1v2oamg3p1x3tw55m2tdno1
[app-deployment-428779295-lp1r2] Session created: node0drzofij3ljx1tgn2z3dcj12y1
[app-deployment-428779295-lp1r2] Session exists: node0drzofij3ljx1tgn2z3dcj12y1
[app-deployment-428779295-lp1r2] Session exists: node0drzofij3ljx1tgn2z3dcj12y1
[app-deployment-428779295-3xq7f] Session created: node01wlgfm248y7f3fagzuu3thga82
[app-deployment-428779295-lp1r2] Session created: node0qiqpch5b1u4g1lvbphkj3djqh2
[app-deployment-428779295-lp1r2] Session exists: node0qiqpch5b1u4g1lvbphkj3djqh2
[app-deployment-428779295-lp1r2] Session exists: node0qiqpch5b1u4g1lvbphkj3djqh2
[app-deployment-428779295-3xq7f] Session created: node01gfdfatrj0premffkwywc5ori3

The question is - how to fix it?

Original problem description:

• Spring MVC application (tested also on simple servlet with the same results, so this is not the case)
• Running on jetty 9.4.6 docker image (default configuration; happens also on tomcat 8.5.15 docker image)
• Application deployed as ROOT.war
• Application is deployed on 2 nodes (2 PODs) with Ingress load balacing, HTTPS and cookie-based session affinity.
• Setting explicite cookie domain and path does not help.
• Other cookies managed by application are working just fine

The problem does not occur when I run it from jetty-maven-plugin or from docker image locally.

Have anybody else encounter such an issue?

解决方案

I fixed my problem at the moment by leaving only 1 replica and set sessionAffinity: None (which is default), but this is not helpful for scalable applications.

The first solution I was thinking was to make a Redis pod and configure it in my spring application as the session holder, then I leave the sessionAffinity: None because I'm not holding the security context in my pod memory, instead I'm leaving it in my Redis database and because of this it doesn't matter which spring application pod will process the request because it can identify the session by interrogating the Redis database. By doing this, you are not going to be limited by the deployment infrastructure. You can check out this guide.

The second solution is to configure a sessionless aplication by using a OAuth2 implementation with an authorization server and configure your spring application as the client, but this is already a more complicated solution and requires more work.

这篇关于为每个请求生成新的会话ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！