Apache mod_jk server affinity config. for Tomcat with a JRub

I am using Apache 2.2.3 with mod_jk to connect to Tomcat 6 server. We
have deployed a JRubyOnRails (JRuby 1.5, Rails 2.2.3) web app on Tomcat
by creating a .war file using warbler. I need to understand how the http
session id is generated in this deployment? I don’t see any session
getting created in Tomcat when I access the web app over http (verified
using Tomcat admin console). The cookie name in http response header is
“_<>_session=<>”.

Can anyone help me understand:

  1. Is JRuby+Rails creating this session id and not Tomcat?
  2. If yes, how to configure mod_jk and Tomcat to establish “server
    affinity” between them. i.e. I have multiple Tomcat instances front
    ended by 1 Apache server with mod_jk plugin on Apache. Usually Tomcat
    created http session with cookie name as “jsessionid” and the jvmRoute
    config. in Tomcat server.xml is used to ensure server affinity with
    mod_jk. How to configure it in this case when Tomcat itself is not
    creating any http session cookie.
  3. Can I change cookie name using some warbler config?

Environment:
Jruby version 1.5.0
Rails version 2.3.5
Postgre SQL database 8.3
apache-tomcat-6.0.26
Apache 2.2.3

On Wed, Jun 16, 2010 at 11:11 AM, Yani Y. [email protected] wrote:

I am using Apache 2.2.3 with mod_jk to connect to Tomcat 6 server. We
have deployed a JRubyOnRails (JRuby 1.5, Rails 2.2.3) web app on Tomcat
by creating a .war file using warbler. I need to understand how the http
session id is generated in this deployment? I don’t see any session
getting created in Tomcat when I access the web app over http (verified
using Tomcat admin console). The cookie name in http response header is
“_<>_session=<>”.

Can anyone help me understand:

  1. Is JRuby+Rails creating this session id and not Tomcat?

Yes, Rails is creating this session; you’re probably using the
“cookie” session store, which is the default.

You can also run with the “java servlet” session store, which requires
some configuration changes in your Rails app. For a 2.2 app add the
following to the bottom of config/initializers/session_store.rb:

ActionController::Base.session_store = :java_servlet_store if

defined?($servlet_context)

  1. If yes, how to configure mod_jk and Tomcat to establish “server
    affinity” between them. i.e. I have multiple Tomcat instances front
    ended by 1 Apache server with mod_jk plugin on Apache. Usually Tomcat
    created http session with cookie name as “jsessionid” and the jvmRoute
    config. in Tomcat server.xml is used to ensure server affinity with
    mod_jk. How to configure it in this case when Tomcat itself is not
    creating any http session cookie.

Changing to the java servlet store as above will make the “jsessionid”
cookie be used again.

  1. Can I change cookie name using some warbler config?

If you wanted to keep the cookie store, you could go into
config/initializers/session_store.rb and change the cookie name in
there.

/Nick


To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email

Thanks, for providing the required information.

But I am still still facing the same issue

This is how my /config/initialiazers/sessio_store.rb looks like :

================================================================================

Be sure to restart your server when you modify this file.

Your secret key for verifying cookie session data integrity.

If you change this key, all old sessions will become invalid!

Make sure the secret is at least 30 characters and all random,

no regular words or you’ll be exposed to dictionary attacks.

ActionController::Base.session = {
:key => ‘_my_session’,
:secret => ‘SOME_KEY_VALUE’
}

Use the database for sessions instead of the cookie-based default,

which shouldn’t be used to store highly confidential information

(create the session table with “rake db:sessions:create”)

ActionController::Base.session_store = :active_record_store

ActionController::Base.session_store = :java_servlet_store if
defined?($servlet_context)

It is still providing me the default rails session,not the’ jsessionid’
which I actually require.

I montiored the same using firebug.

On Fri, Jun 18, 2010 at 10:09 AM, Yani Y. [email protected] wrote:

or should i exclude it so that rails session is not created?
If so then how do i kill the java session?
I use a plugin “lukeredpath-session-timeout-419de09” for session
timeout.
This plugin kills the rails session on timeout, will it kill the java
session too?

How do we handle session timeout in such scenario?

I don’t know how the session timeout plugin works; you should probably
investigate what it’s doing to see if it will work with the servlet
session. If not, you may need to modify it to call delete on the
session.

/Nick


To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email

Hi,

When we did the above there are two sessions being created, one is the
rails session and one is jsession.

Should i keep this code :
ActionController::Base.session = {
:key => ‘_my_session’,
:secret => ‘SOME_KEY_VALUE’
}

or should i exclude it so that rails session is not created?
If so then how do i kill the java session?
I use a plugin “lukeredpath-session-timeout-419de09” for session
timeout.
This plugin kills the rails session on timeout, will it kill the java
session too?

How do we handle session timeout in such scenario?

Hi,

As mentioned earlier my config:

Be sure to restart your server when you modify this file.

Your secret key for verifying cookie session data integrity.

If you change this key, all old sessions will become invalid!

Make sure the secret is at least 30 characters and all random,

no regular words or you’ll be exposed to dictionary attacks.

ActionController::Base.session = {
:key => ‘_my_session’,
:secret => ‘SOME_KEY_VALUE’
}

Use the database for sessions instead of the cookie-based default,

which shouldn’t be used to store highly confidential information

(create the session table with “rake db:sessions:create”)

ActionController::Base.session_store = :active_record_store

ActionController::Base.session_store = :java_servlet_store if
defined?($servlet_context)

But by using this , we face sudden session timeouts.

I used :
logger.info session.inspect

<%= debug session %> to monitor the session info. In my dev env i use
internal webrick server, here the dump shows me the session id, however
when deployed in tomcat, there is no session id being printed.

and on refreshing after sometime the session abruptly times out. Is
there some issue in using : ActionController::Base.session_store =
:java_servlet_store if
defined?($servlet_context)?

Thanks once again.

On Tue, Jun 29, 2010 at 1:05 AM, Yani Y. [email protected] wrote:

:key => ‘_my_session’,
defined?($servlet_context)
when deployed in tomcat, there is no session id being printed.

and on refreshing after sometime the session abruptly times out. Is
there some issue in using : ActionController::Base.session_store =
:java_servlet_store if
defined?($servlet_context)?

My best guess is that yes, there must be an issue using the
java_servlet_store in conjunction with the session timeout plugin.
Perhaps you can still get the effect you want by reverting to the
cookie session and just making the session cookie key called
“jsessionid”?

/Nick

http://xircles.codehaus.org/manage_email


To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email