[Building Sakai] access/.../WebServlet.setSession question in Sakai 2.4.x
Stephen Marquard
stephen.marquard at uct.ac.za
Sun Mar 8 07:03:58 PDT 2009
SSL renegotiation was indeed new to me (we lurk and learn!).
So yes, why does the LB send the renegotiated session to a new app server? The sessions are supposed to be sticky on the JSESSIONID cookie value. If the LB is not using the same type of stickiness as Sakai, then indeed it is a problem.
Cheers
Stephen
>>> Casey Dunn <caseyd.stan at gmail.com> 03/07/09 5:42 PM >>>
On Sat, Mar 7, 2009 at 2:02 AM, Stephen Marquard <stephen.marquard at uct.ac.za
> wrote:
> Hi Casey,
>
> You can't use SAKAI_SESSION values, which refer to UsageSessions, for auth
> sessions, which are different altogether.
Ah, that's what I get for reading the 2.4.x javadoc.
I thought I could use SAKAI_SESSION, and execute a login sequence on the new
server, setting up an auth session. U know, sessioncomponent.startSession(id
blah blah)
I still may hack at it for fun.
May try basic auth but that's not very desirable.
SSL renegotiation is pretty common stuff Stephen - are you referring to why
the LB sends the renegotiated session to a new machine?
thanks!
Casey
More information about the sakai-dev
mailing list