Hello all,

I have been using Pound 1.9 on Linux for a few months now. We use it as a
load-balancer in front of seven application server that use the cookie
JSESSIONID for session tracking (Java based system, Jetty HTTP server).

Strangely using

Session COOKIE JSESSIONID 1800

does not work for us. The initial (login) poage is loaded correctly but a
refresh (GET) or PPOST action causes a session-error because pound routes
the request to a different server. We have been using

Session IP -1

to get passed that. I would prefer using the session cookies though.

Has anyone experienced this and what can I do about it?

Thanks,

Silvio Bierman

We use:
Session         COOKIE JSESSIONID 4000

Here with our coldfusion backends.  It works beautifully.  As long as
the host name remains the same, the cookies should work fine.

Sorry!

Joe
[...]
as a[...]
server).[...]
but a[...]
routes[...]
pound(at)apsis.ch.[...]

Hello Joe,

Thanks for the response. Glad it works for you :-)

Our application returns the HTTP session cookie on the first cookie-less GET
that hits it. Perhaps that is of interest, I don't know. I can just say that
the second request (say a browser refresh on the first page) is routed to a
different backend.

I hope someone has any idea what I could try next.

Regards,

Silvio Bierman


(at) -----Original Message-----
(at) From: Joe Gooch [mailto:mrwizard(at)k12system.com]
(at) Sent: 10 March, 2006 21:11
(at) To: pound(at)apsis.ch
(at) Subject: RE: [Pound Mailing List] Pound 1.9 and Session COOKIE problem
(at)
(at)
(at) We use:
(at) Session         COOKIE JSESSIONID 4000
(at)
(at) Here with our coldfusion backends.  It works beautifully.  As long as
(at) the host name remains the same, the cookies should work fine.
(at)
(at) Sorry!
(at)
(at) Joe
(at)
(at) > -----Original Message-----
(at) > From: Silvio Bierman [mailto:sbierman(at)jambo-software.com]
(at) > Sent: Monday, March 06, 2006 7:23 AM
(at) > To: pound(at)apsis.ch
(at) > Subject: [Pound Mailing List] Pound 1.9 and Session COOKIE problem
(at) >
(at) > Hello all,
(at) >
(at) > I have been using Pound 1.9 on Linux for a few months now. We use it
(at) as a
(at) > load-balancer in front of seven application server that use the
cookie
(at) > JSESSIONID for session tracking (Java based system, Jetty HTTP
(at) server).
(at) >
(at) > Strangely using
(at) >
(at) > Session COOKIE JSESSIONID 1800
(at) >
(at) > does not work for us. The initial (login) poage is loaded correctly
(at) but a
(at) > refresh (GET) or PPOST action causes a session-error because pound
(at) routes
(at) > the request to a different server. We have been using
(at) >
(at) > Session IP -1
(at) >
(at) > to get passed that. I would prefer using the session cookies though.
(at) >
(at) > Has anyone experienced this and what can I do about it?
(at) >
(at) > Thanks,
(at) >
(at) > Silvio Bierman
(at) >
(at) >
(at) > --
(at) > To unsubscribe send an email with subject 'unsubscribe' to
(at) pound(at)apsis.ch.
(at) > Please contact roseg(at)apsis.ch for questions.
(at) >
(at) http://www.apsis.ch/pound/pound_list/archive/2006/2006-03/1141647795000
(at)
(at) --
(at) To unsubscribe send an email with subject 'unsubscribe' to
pound(at)apsis.ch.
(at) Please contact roseg(at)apsis.ch for questions.
(at) http://www.apsis.ch/pound/pound_list/archive/2006/2006-03/11416477
95000/1142021454000

On Mon, 2006-03-13 at 23:08 +0100, Silvio Bierman wrote:[...]

...as it has worked for a lot of people, for a long time.
[...]

The code takes your scenario into account and should deal correctly with
it. Look in the code for a call to upd_session() - that is why it is
there.
[...]

I suggest you check the following:

- check that your browser is allowed to use cookies!

- a refresh is not always a refresh: quite often pages are taken from
caches, rather than accessing the actual server. Check that you do a
real refresh (SHIFT/refresh) and/or disable the cache on your browser,
and that you have no caches (Squid?) between your client and Pound.

- check that the cookie that is returned on log-in matches your session
definition (some applications use several cookies for log-in). The
Firefox LiveHTTPHeaders extension can be very useful here. This would
also help you check that your browser really requests the pages, rather
than using a cached version (GET versus HEAD).

- as a last resort sniff the traffic and post here the results for
others to look at. tcpwatch is a nice logging proxy for that.[...]

The first web request that hits a directory with an Application that
enables session support will create a session and send the cookies to
the browser.  I would surmise the second request, regardless  of the
backend, will send ANOTHER sessionid to your browser.

From coldfusion, I would do the following.

Create a dump.cfm in your directory as follows:
<html><head><title>Dump</title</head><body><cfdump
"#Cookie#"
/></body></html>

On your index.cfm (or similar), add a lines similar to:
<cfset Request.testcookie="CookieTest" />
<cfif IsDefined("Session") and structKeyExists(session, "Sessionid")>
	<cfset Request.testcookie = Request.testcookie&session.sessionid
/>
</cfif>
<cfcookie name="MY_COOKIE_TEST" value="#Request.testcookie#" />

Go to that page.  Verify that MY_COOKIE_TEST is sent to the browser.  Go
to dump.cfm, and verify that the cookie is in your cookie scope.  

If it isn't, then cookies are being ignored by your browser.  This
commonly happens with AOL browsers or other OEM installs.  It's possible
adding your URL to your trusted sites (if IE) will resolve the issue, or
that you need to set your Cookie level to medium. (if IE again)

Joseph Gooch
K12 Systems, Inc.
[...]
cookie-less[...]
say[...]
routed[...]
with[...]
session[...]
rather[...]
pound(at)apsis.ch.[...]