Question

Is it possible to override Tomcat's embedded generator of JSESSIONID, to be able to create custom values of this cookie, based on the user's login?

Why do I need this: I have a load balancer with "sticky sessions", configured to route requests with the same JSESSIONID to the same server, and I want to prevent the situation where the same user can start two different sessions on different servers.

P.S: all this is about Amazon EC2


Solution

OTHER TIPS

You can do so by defining your own customized session manager:

http://tomcat.apache.org/tomcat-5.5-doc/config/manager.html

However, it probably doesn't work for your use-case. You don't know the username before the user logs in, but the session needs to be created for the login.

I think pushing the session to the backend is the best approach. You can use the JDBCStore session manager distributed with Tomcat. You can also find an implementation for memcached.

If the purpose of multiple servers is for redundancy, you can also use clustering, but that doesn't help you if your goal is to scale for load.
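
An added example, not part of the original answer: a `context.xml` fragment that wires Tomcat's `PersistentManager` to a `JDBCStore`, the backend-session approach the answer suggests. The JDBC driver, database host, account, table and column names are placeholder assumptions.

```xml
<!-- META-INF/context.xml (added example; driver, host, account, table and
     column names are placeholders chosen for illustration) -->
<Context>
  <!-- PersistentManager backs sessions up into the Store configured below.
       maxIdleBackup is in seconds: a session is written by Tomcat's
       background processing once it has been idle that long, so the
       database can lag behind the in-memory state on the serving node.
       The swap settings are disabled (-1) so sessions also stay in memory. -->
  <Manager className="org.apache.catalina.session.PersistentManager"
           saveOnRestart="true"
           maxActiveSessions="-1"
           minIdleSwap="-1"
           maxIdleSwap="-1"
           maxIdleBackup="1">
    <!-- Each row holds a serialized session (login state, tokens), so the
         table is as sensitive as the sessions themselves: use a dedicated
         database account limited to this one table, and keep this file
         unreadable to other OS users because the URL carries the password.
         Every attribute stored in the session must be Serializable. -->
    <Store className="org.apache.catalina.session.JDBCStore"
           driverName="com.mysql.jdbc.Driver"
           connectionURL="jdbc:mysql://DB_HOST_PLACEHOLDER/tomcat?user=SESSION_USER_PLACEHOLDER&amp;password=PASSWORD_PLACEHOLDER"
           sessionTable="tomcat_sessions"
           sessionIdCol="session_id"
           sessionAppCol="app_name"
           sessionDataCol="session_data"
           sessionValidCol="valid_session"
           sessionMaxInactiveCol="max_inactive"
           sessionLastAccessedCol="last_access" />
  </Manager>
</Context>
```

The session table has to exist before Tomcat starts, with one column for each `session*Col` attribute named in the `Store` element.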

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow