memcached-session-manager 1.4.0-RC1 ready for tomcat7 and non-sticky sessions
Martin Grotzke
after lots of work for non-sticky session support and some time to get
all tests running with tomcat7 I'm very happy to announce the new
version 1.4.0 (rc).
As there were lots of changes and both non-sticky session support and
tomcat7 compatibility are very "fresh" I decided to first make a
release candidate.
Therefore I invite you to pull the new version from the downloads page
([1]) and give it a try. Please let me know how it works for you so
that we can have a final release soon.
The documentation regarding the configuration ([2]) is updated accordingly.
You find the complete list of changes and fixed issues at [3], but
they're also listed at the end of this email.
Some details regarding the support of non-sticky sessions:
- in non-sticky mode sessions are no longer stored in tomcat for for
longer than a request duration, but only in memcached (otherwise there
would be stale data)
- the session is loaded from memcached when requested by the
application and stored in the local session map for this request
- it's saved back in (the primary) memcached at the end of the request
(following the same optimizations as they exist for sticky sessions)
- the session is stored in an additional (secondary) memcached node to
prevent a single point of failure
- when the primary memcached node is not available the session is
loaded from the backup/secondary node and it's relocated to a new node
- to allow skipping of updates (including expensive serialization) the
session is stored with the double expiration time in memcached. The
actual last access time (and maxInactiveInterval) is stored in
memcached and is used to determine if a session is still valid. This
validity info is also stored for backup in the secondary memcached
node.
- there are session locking mechanisms implemented: all (when a
session is loaded as requested by the application it's locked until
the end of the request/storage in memcached), auto (requests that
access the session readonly are auto detected and for further requests
locking is skipped, for requests that modify the session a lock is
aquired), uriPattern (a regular expression is compared with the
requestURI+queryString and the session is locked if they match), none
(no locking at all, default)
I'd be happy to get feedback on how it works for you!
Have fun playing with the new release,
cheers,
Martin
Changes:
#77: Make memcached-session-manager work with Tomcat 7.x (thanx at
Jorge Carabias for initial contribution)
#70: Improve support for nonsticky sessions
#71: Session locking for non-sticky sessions: all, auto detection of
readonly requests, uri-pattern based
#72: Add storage of non-sticky sessions in another/secondary memcached
node, handle memcached failover for non-sticky sessions
#74: Touching unmodified/not-updated sessions must be solved differently
#68: Change of sessionId on login with BASIC auth must be handled correctly
#66: Make SessionTrackerValve.setNewSessionCookie more robust (handle
different possible cases)
#65: Session cookie name is hardcoded to JSESSIONID
#62: Support jvmRoutes containing dashes (-) (thanx at Paul G. Weiss
for patches)
#60: Add possibility to disable msm at runtime via JMX (thanx at Paul
G. Weiss for patches)
[1] http://code.google.com/p/memcached-session-manager/downloads/list
[2] http://code.google.com/p/memcached-session-manager/wiki/SetupAndConfiguration
[3] http://code.google.com/p/memcached-session-manager/wiki/Changes
--
Martin Grotzke
http://twitter.com/martin_grotzke