-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
fix: set clusterKey cookie at first request #143
Conversation
Currently clusterKey cookie is set only when an HTTP session exists. In addition to the cookie, the key is also set as a session attribute so that SessionSerializer can fetch it later. However, if two or more concurrent requests are sent from the client, all of them create a new cookie, but the session attribute gets the value of the first one. This causes the distributed session to be written with a wrong key and when there a server switch the session cannot be restored. This change sets the clusterKey cookie even if there is not yet an HTTP session, so the key is only defined during first request and remains stable with subsequent calls; once the HTTP session is create, the key is stored as an attribute. Potentially fixes #111 See https://github.com/vaadin/kubernetes-kit/issues/111\#issuecomment-2074909790
Should the clusterKey cookie name be configurable as well then to avoid similar clashes when a user has sessions to different applications in the context of a portal for example ? |
A configurable cookie name requires a bigger refactoring, since the COOKIE_NAME constant is used in several places (e.g. |
With this fix, failover is now done correctly to another node, great work ! For reference, to easily test failover i'm using this haproxy.cfg:
|
@jorgheymans Thank you very much for your precious help in debugging this issue |
See #145 |
Any chance this PR can get some attention for inclusion in a next release ? Eagerly waiting for it 👍 |
Description
Currently clusterKey cookie is set only when an HTTP session exists. In addition to the cookie, the key is also set as a session attribute so that SessionSerializer can fetch it later.
However, if two or more concurrent requests are sent from the client, all of them create a new cookie, but the session attribute gets the value of the first one. This causes the distributed session to be written with a wrong key and when there a server switch the session cannot be restored. This change sets the clusterKey cookie even if there is not yet an HTTP session, so the key is only defined during first request and remains stable with subsequent calls; once the HTTP session is create, the key is stored as an attribute.
Potentially fixes #111
See https://github.com/vaadin/kubernetes-kit/issues/111\#issuecomment-2074909790
Type of change
Checklist
Additional for
Feature
type of change