Results 1 to 5 of 5

Thread: httpSessionContextIntegrationFilter - Need some help understanding it

  1. Jan 14th, 2006, 02:25 AM #1
    suparna
    suparna is offline Junior Member
    Join Date
    Dec 2005
    Posts
    3

    Default httpSessionContextIntegrationFilter - Need some help understanding it

    Hi! I'm still trying to figure out how the httpSessionContextIntegrationFilter work, and the login behaviour incase of a clustered appServer.

    Say I have a load balancer and two application servers, once a user logs in and a session is established on a server, what happens when the user gets sent to the second server for subsequent requests? How is the session propogated by the httpSessionContextIntegrationFilter. Does the user have to re-login?

    Thanks
    Suparna
  2. Jan 14th, 2006, 10:15 AM #2
    ThomasBecker
    ThomasBecker is offline Member
    Join Date
    Sep 2005
    Location
    Germany
    Posts
    95

    Default

    You'll need to either replicate the session between all applications in your cluster, which is possible, but is not as trivial as it sounds. There're lots of things to care about.

    Or you make your user persistence. Therefore you'll need your loadbalancer either identifying your users via some unique http-header or cookie or your loadbalancer needs to inject cookies (SERVERID=server1).
    With this solution your users will stay on the same server, which knows their session. If one server fails, all users on this server will loose their session. But in most cases this disadvantage saves you from many other headaches and torned out hairs.
  3. Jan 25th, 2006, 08:39 PM #3
    Ben Alex
    Ben Alex is offline Senior Member Spring Team
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Default

    You could adapt the cookie-based remember-me service to do this, if you didn't want to use HTTP session replication. Most clustered apps I see have (i) sticky load balancing and (ii) no HTTP session replication. It's better to make your load balancer push through requests to the same server as originally handled them, as it saves a lot of overhead in the application server tier.
    Ben Alex
    Project Founder, Spring UAA, Spring Roo and Spring Security
  4. Jan 26th, 2006, 04:43 AM #4
    ThomasBecker
    ThomasBecker is offline Member
    Join Date
    Sep 2005
    Location
    Germany
    Posts
    95

    Default

    Hey Ben,

    I fully agree. And it will save you some headaches. Only disadvantage is, that user's will loose their session if one of the hosts fails. Also any patch, etc. which will need a restart/redeploy of the application might cause user's to loose their sessions once (even with sequential update). But this shouldn't be the case to often.

    Cheers,
    Thomas
  5. Jan 28th, 2006, 02:31 AM #5
    Ben Alex
    Ben Alex is offline Senior Member Spring Team
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Default

    It's true that a server failure will cause the user's session to be lost. However, most apps tradeoff this fairly infrequent event for the performance of avoiding HTTP sesson replication.
    Ben Alex
    Project Founder, Spring UAA, Spring Roo and Spring Security
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules