Memcached failover / session relocation not supported when cookies are disabled

[GoogleCodeExporter]

When the memcached node the session is associated with is not available the
session is relocated to another memcached node. This means the session id
is changed (so that it contains the new memcached node id), and the session
is internally (in the jvm local session map) bound to the new id.

To notify the browser about the new session id a new JSESSIONID cookie
(with the new session id) is sent.

When cookies are disabled this cookie is just ignored. The session id is
transported in the url via url-rewriting, and this contains still the old
session id - in more detail, the markup sent to the browser still contains
links with the old session id. Therefore the next request contains a
session id that is no longer existing - the client gets a new session.

Original issue reported on code.google.com by martin.grotzke on 16 Mar 2010 at 11:25

[GoogleCodeExporter]

Fixed.

Now it's checked at the beginning of the request if there's a valid session for 
the 
requested session id, and if this session has to be relocated. In this case, 
both the 
session.id and the request.requestedSessionId are changed to the new session id 
(containing the new memcached node), so that the rewritten urls will already 
contains 
the new id. The cookie with the new id is still added to the response.

Before session relocation was checked before the response was committed (or 
when the 
session is backuped). So the application could already write to the response 
and 
links would be rewritten using the old session id. That's why now session 
relocation 
is checked at the beginning of the request (before processing is passed to the 
application).

Will be released with 1.2

Original comment by martin.grotzke on 18 Mar 2010 at 9:17

• Changed state: Fixed
• Added labels: Milestone-1.2