[Building Sakai] access/.../WebServlet.setSession question in Sakai 2.4.x
Casey Dunn
caseyd.stan at gmail.com
Fri Mar 6 22:51:38 PST 2009
Hi folks.
Ive got quick question about the access WebServlet code. This is not about
Sakai being less than accurate about users AuthN during access to the
WebServlet front end to the Content Hosting system.
This email is about Session Migration.
background: I've a situation where occasionally the LB / FW we have in
front of Sakai will renegotiate a SSL session. When it does so it _may_ send
the session to a new LBed Sakai server. ( background music: "SSL renogiation
and IP spoofing" )
When the request ends up at the new server the Sakai session is invalid.
"Who the heck are you?" is the essential response.
This is because the Sakai 2.4.x sessions are not viable across a pool of
Sakai servers.
I am considering making the WebServlet setSession code, well, should it
fail, dig into the SAKAI_SESSION table and see if there has recently been,
somewhere, a session with the same ID. the Session code will only WARN if a
duplicate Sakai Session Id is re-used. A specific factor is that my client
dumps the SAKAI_SESSION (etc) table daily... so say we all!
If there has been a viable session I would then establish a new session on
the new server for the purpose of pushing in the upload. I might establish
this server's session with the same darn ID, and then refresh the Auth group
stuff blah blah blah for this ride into sakai.
Has anyone tried this yet?
TIA,
Casey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20090306/e9290e41/attachment.html
More information about the sakai-dev
mailing list