Load balancing prevented after session invalidated

[Michal Jemala]

Hi Team,

the Gorouter component prevent load balancing even after a session has been invalidated and the session cookie removed. This is due to the existence of  '__VCAP_ID__' cookie which maps client to a specific backend. I believe the client request should be routed to a specific backend only if the session cookie is present as well, i.e. in the Proxy.Lookup method the Registry.LookupByPrivateInstanceId method should be called only if both 'JSESSIONID' and '__VCAP_ID__' are present.

NOTE: The obvious workaround is to remove the '__VCAP_ID__' when invalidating the session, but this requires the user to be aware it exists.

[James Bayer]

Thanks for reporting this. We'll look into it.

--

Thank you,

James Bayer

[Michal Jemala]

Hi Team, do you have any updates on this?

NOTE: You can test it here (use "/login" to login and "/logout" to logout), after logging out all your subsequent requests will be routed to the same instance (unless you delete the '__VCAP_ID__' cookie obviously).

Regards,

Michal

[James Bayer]

no update, it's lower priority than some of the other work we're doing. if you want to submit a pull request with some tests that would be one option. here is the code that needs updating:

https://github.com/cloudfoundry/gorouter/blob/c6a221cc037bda8bcf101597b7278e6d0dd3c62c/src/router/proxy.go#L105

i believe the fix is to only do that logic when JSESSIONID represented by the value of the StickyCookieKey variable actually exists.

[zyp...@gmail.com]

Hi 

I encountered such a problem. I use router, not gorouter.

My question is this:

Router only supports the JAVA framework and session framework sticky, 

other languages do not support? Only the JAVA framework can generate JSESSIONID,

The router session sticky function is available, 

each time a user sends a request, will be forwarded to the same instance. But PHP can generate PHPSESSID, not JSESSIONID