K
Q

New session ID generated for each request

6/14/2017

Problem summary:

New session ID is generated for each request in my application, but only within Google Cloud Container Engine infrastructure.

Root cause:

I found the root cause of the problem. The session affinity set for Ingress does not work as I expected. Here is how it's created:

  1. I'm creating deployment with 2 replicas (basic java application with servlets)
  2. I'm creating NodePort service as described here (but using YAML)
  3. I'm creating Ingress controler using YAML
  4. I'm adding a cookie based session affinity to Ingress via Google Cloud Console

And here is what I get when I'm refreshing the page in a browser (POD name is added inside "[]"):

[app-deployment-428779295-3xq7f] Session created: node01peqkxiewv08i1hkh0zonc8fmw0
[app-deployment-428779295-lp1r2] Session created: node017hf0svs0n6u816virgk4qkxk40
[app-deployment-428779295-3xq7f] Session created: node030t1v2oamg3p1x3tw55m2tdno1
[app-deployment-428779295-3xq7f] Session exists: node030t1v2oamg3p1x3tw55m2tdno1
[app-deployment-428779295-lp1r2] Session created: node0drzofij3ljx1tgn2z3dcj12y1
[app-deployment-428779295-lp1r2] Session exists: node0drzofij3ljx1tgn2z3dcj12y1
[app-deployment-428779295-lp1r2] Session exists: node0drzofij3ljx1tgn2z3dcj12y1
[app-deployment-428779295-3xq7f] Session created: node01wlgfm248y7f3fagzuu3thga82
[app-deployment-428779295-lp1r2] Session created: node0qiqpch5b1u4g1lvbphkj3djqh2
[app-deployment-428779295-lp1r2] Session exists: node0qiqpch5b1u4g1lvbphkj3djqh2
[app-deployment-428779295-lp1r2] Session exists: node0qiqpch5b1u4g1lvbphkj3djqh2
[app-deployment-428779295-3xq7f] Session created: node01gfdfatrj0premffkwywc5ori3

The question is - how to fix it?

Original problem description:

  • Spring MVC application (tested also on simple servlet with the same results, so this is not the case)
  • Running on jetty 9.4.6 docker image (default configuration; happens also on tomcat 8.5.15 docker image)
  • Application deployed as ROOT.war
  • Application is deployed on 2 nodes (2 PODs) with Ingress load balacing, HTTPS and cookie-based session affinity.
  • Setting explicite cookie domain and path does not help.
  • Other cookies managed by application are working just fine

The problem does not occur when I run it from jetty-maven-plugin or from docker image locally.

Have anybody else encounter such an issue?

-- Seiya
google-kubernetes-engine
java

Similar Questions

Kubernetes dashboard tls certificates on AWS
Can't mount secret to volume in /etc
How to find Kubernetes pod that's handling the request
minikube: could not find capabilities for domaintype=kvm

1 Answer

11/22/2017

I fixed my problem at the moment by leaving only 1 replica and set sessionAffinity: None (which is default), but this is not helpful for scalable applications.

The first solution I was thinking was to make a Redis pod and configure it in my spring application as the session holder, then I leave the sessionAffinity: None because I'm not holding the security context in my pod memory, instead I'm leaving it in my Redis database and because of this it doesn't matter which spring application pod will process the request because it can identify the session by interrogating the Redis database. By doing this, you are not going to be limited by the deployment infrastructure. You can check out this guide.

The second solution is to configure a sessionless aplication by using a OAuth2 implementation with an authorization server and configure your spring application as the client, but this is already a more complicated solution and requires more work.

-- Patrix
Source: StackOverflow