Open domdom82 opened 1 year ago
IMO option 2 (dedicated handler, communicate via RequestInfo) is the most desirable. RequestInfo is already used to communicate / collect information related to that request and it clearly separates the logic (hopefully) making the code more maintainable.
Is this a security vulnerability?
No.
Issue
Gorouter supports session affinity as described in the docs. However, this support currently works only for regular HTTP traffic. Requests to WebSocket apps ignore JSESSIONID or other session cookies and will be routed randomly instead.
Affected Versions
All.
Context
Steps to Reproduce
Expected result
The same instance is used that has originated the JSESSIONID cookie
Current result
A random instance is used. JSESSIONID cookie is ignored.
Possible Fix