Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1107971

Summary: Tomcat 6/7 does not keep jsessionid if transmitted via URL
Product: [JBoss] JBoss Enterprise Web Server 2 Reporter: Michal Karm Babacek <mbabacek>
Component: mod_clusterAssignee: Jean-frederic Clere <jclere>
Status: CLOSED NOTABUG QA Contact: Michal Karm Babacek <mbabacek>
Severity: high Docs Contact:
Priority: unspecified    
Version: 2.1.0CC: jdoyle, jstefl, lfuka, mbabacek, mhusnain, pslavice, rsvoboda
Target Milestone: ---   
Target Release: 2.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-18 08:34:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
EWS-and-EAP-logs.zip none

Description Michal Karm Babacek 2014-06-11 07:43:49 UTC 
I've spotted a problem with the test that verifies jsessionid, sessions stickiness, both with cookies and urls, EWS 2.1.0.ER2.

If I use cookies for storing the jsessionid, everything is cool:

+++
curl 'http://rhel6x86-64:8847/clusterbench/requestinfo' -c cookies.txt -b cookies.txt 
Session ID: 4BDF9E0DCFAE2E6C8ABC51A9F6496CD0.tomcat-7-1
Session isNew: false

curl 'http://rhel6x86-64:8847/clusterbench/requestinfo' -c cookies.txt -b cookies.txt 
Session ID: 4BDF9E0DCFAE2E6C8ABC51A9F6496CD0.tomcat-7-1
Session isNew: false
+++

If one tries to pass jsessionid via URL, it falls apart:

+++
curl 'http://rhel6x86-64:8847/clusterbench/requestinfo?jsessionid=16EC38C3A0563361A1D778846195084A.tomcat-7-1'
Session ID: 9458D35F037F2669AE1AA239F68DC9DE.tomcat-7-1
Session isNew: true

curl 'http://rhel6x86-64:8847/clusterbench/requestinfo/?jsessionid=9458D35F037F2669AE1AA239F68DC9DE.tomcat-7-1'
Session ID: 7984181E8C04B87B1CCC22E8D5504FBC.tomcat-7-1
Session isNew: true

curl 'http://rhel6x86-64:8847/clusterbench/requestinfo?JSESSIONID=7984181E8C04B87B1CCC22E8D5504FBC.tomcat-7-1'
Session ID: 9047ECD4E4BA35D5BA0CAC008966FB11.tomcat-7-1
Session isNew: true
+++

Several noteworthy observations:

1) It happens both with mod_cluster 1.2.8.Final and 1.2.9.Final
2) It's most likely not native part's fault, because I've tried swapping the Apache HTTP Server and mod_cluster natives with those from EAP 6.3.0.ER5 and it didn't help.
3) It works with EAP 6.3.0.ER5
4) It happens both with Tomcat 6 and 7
5) Yes, I tried both jsessionid and JSESSIONID both with /? and ? parameter delimiters.
6) Explicitly forcing <tracking-mode>URL</tracking-mode> for <session-config> didn't help either.

Any ideas?
Comment 1 Michal Karm Babacek 2014-06-11 08:18:48 UTC 
Created attachment 907530 [details]
EWS-and-EAP-logs.zip

These are logs from the same test, once executed with EAP and once with EWS.
Both test runs have only the beginning in common, because the EWS test fails very early on losing jsessionid.

The test runs through a list of various complicated URL and verifies whether anything breaks...and with Tomcat, it does :-(
Comment 2 Jean-frederic Clere 2014-06-18 08:34:45 UTC 
the test looks broken...

the URL should be something like


curl 'http://rhel6x86-64:8847/clusterbench/requestinfo;jsessionid=16EC38C3A0563361A1D778846195084A.tomcat-7-1'
Comment 3 Michal Karm Babacek 2014-06-18 09:14:35 UTC 
Mea culpa :-(

Well, I should have mentioned that it worked with semicolon right away.

Anyhow, you are absolutely right:
Servlet Specification [1], page 56, Paragraph 7.1.3 URL Rewriting:

  The session ID must be encoded as a path
  parameter in the URL string.

So it's really only a path parameter, not both a query parameter and a path parameter.


[1] http://download.oracle.com/otn-pub/jcp/servlet-3.0-fr-oth-JSpec/servlet-3_0-final-spec.pdf