How to generate custom JSESSIONID, based on some h

2019-02-22 10:04发布

问题:

Is it possible to override Tomcat's embedded generator of JSESSIONID, to be able to create custom values of this cookie, based on user's login?

Why do I need this: I have a load balancer with "sticky sessions", configured to route requests with the same JSESSIONID to the same server, and I want to prevent situation, when same user can start two different sessions on different servers.

P.S: all this is about Amazon EC2

回答1:

There is a better way to do this: See the tomcat manual on session replication in cluster



回答2:

You can do so by defining your own customized session manager,

http://tomcat.apache.org/tomcat-5.5-doc/config/manager.html

However, it probably doesn't work for your use-case. You don't know username before user logs in but the session needs to be created for the login.

I think pushing session to the backend is the best approach. You can use the JDBCStore session manager distributed with Tomcat. You can also find implementation for memecached.

If the purpose of multiple servers is for redundancy, you can also use clustering but that doesn't help you if your goal is to scale for load.