如何将没有cookie的2个后续请求分发到同一个JBoss节点？ [英] How to dispatch 2 subsequent requests without a cookie to the same JBoss node?

问题描述

如何从同一个客户端向同一个 JBoss 节点发送没有cookie的2个后续请求？

How to dispatch 2 subsequent requests without a cookie from the same client to the same JBoss node?

我有一个多节点设置 Apache ， JBoss7 （负载平衡，粘性会话和 SSO ）和 Tomcat 。以下是场景：

I have a multi-node setup with Apache, JBoss7 (with load balancing, sticky session and SSO) and Tomcat. Here is the scenario:

1. 用户在浏览器上输入 https：/// myapp b $ b
2. 负载平衡器将其分发到 myapp.ear 文件上的 。


3. 由于尚未进行身份验证， myapp 会加载未受保护的 client_redirect.jsp 资源， JSESSIONID 并返回到客户端。 HTTP响应具有头 Set-Cookie：JSESSIONID = 1234_ .node1; Path = / myapp


4. 浏览器中加载了下面的空页面* onload 事件处理程序会将网址更改为 https：/// home /？app = myapp ，并发送另一个请求。不过， IT不包含JSESSIONID Cookie


5. 服务器接收到第二个请求，由于循环策略，将其分派到 node2 > main.ear 文件


6. 主加载未受保护的 login.jsp 资源创建另一个 JSESSIONID 并返回到客户端。 HTTP响应具有SET-COOKIE头 Set-Cookie：JSESSIONID = 5678_.node2; Path = /


7. 登录页面已加载，但现在我们在浏览器上有2个JSESSIONID COOKIES，指向不同的节点当我们重定向到 https：//< ip> / myapp 时，会导致登录后出现 SSO / li>
   

1. User enters https:///myapp on the browser
2. Load balancer dispatches it to node1, on the myapp.ear file.
3. Since there is no authentication yet, myapp loads the unprotected client_redirect.jsp resource, which creates a JSESSIONID and returns to the client. The HTTP Response has the header Set-Cookie:JSESSIONID=1234_.node1; Path=/myapp
4. The "empty" page below* is loaded on the browser; the onload event handler changes the URL to https:///home/?app=myapp and another request is sent. HOWEVER, IT DOES NOT CONTAIN THE JSESSIONID cookie
5. server receives the 2nd request and, due to round-robin policy, dispatches it to node2, on main.ear file
6. main loads the unprotected login.jsp resource, which creates another JSESSIONID and returns to the client. The HTTP Response has the SET-COOKIE header as Set-Cookie:JSESSIONID=5678_.node2; Path=/
7. Login page is loaded, but now we have 2 JSESSIONID COOKIES on the browser, pointing to different nodes, which will lead to SSO issues after login, when we redirect to https://<ip>/myapp again

*空client_redirect页面：

* "Empty" client_redirect page:

    <html>
        <script type="text/javascript"> 
            window.onload = function() { 
                window.location.replace('../../home/?app=myapp');    
            }
        </script> 
    </html>

推荐答案

这里是朋友建议的解决方案：

Here is the solution a friend suggested:

我们不需要2 JSESSIONID cookie，所以我们不应该在第一位创建它们。 myapp 应如下设置 web.xml 文件，因此主和 myapp 可以共享同一个会话。

We don't need 2 JSESSIONID cookies, so we shouldn't create them in the 1st place. myapp should setup the web.xml file as follow, so both main and myapp can share the same session.

<session-config>
    <cookie-config>
        <path>/</path>
    </cookie-config>
</session-config>

相关链接：

• JBoss 6中的会话Cookie路径


• 在Tomcat的上下文之间共享会话数据

• Session cookie path in JBoss 6
• Sharing session data between contexts in Tomcat

这篇关于如何将没有cookie的2个后续请求分发到同一个JBoss节点？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！