Multisession among Tomcat servers and its synchornization

Question

Hello everyone,&nbsp;
me and my coleague are new users of our first F5 LTM and we are also new to this forum. We have support for this device but so far we have no answer since last week and project should move forward...&nbsp;
Anyway, we've encountered simultaneous login issue. &nbsp;
Introduction: &nbsp;
We're using bigip to load balance java based web apps. It does load balancing based on jsessionid for java apps deployed on tomcat. We can say that we deployed standard environment with BIG-IP, Tomcat, Apache and persist sessions &nbsp;
We run one port on our tomcat instances (8080)we allow only for https "secure" traffic. Bigip handles the https offload. Http "unsecure" requests are redirect to httpsWe use oneconnectWe parse certain POST request and insert user login and organization_unit into jsesssionID cookie
Issue description: &nbsp;
How it works without LB: 
User is logging into application. Tomcat instance "combine" new session with login. The general idea is to prevent simultaneous user login. In case when user is trying to log into from another "machine" and Tomcat detect that login is connected with another session user can decide what to do: log in and close old session or resign. &nbsp;
Issue with LB: &nbsp;
Tomcat instances haven't common sessions pool. Instances work independently. Clustering or session replication hasn't been configured. &nbsp;
I wonder whether it is possible to achieve such functionality using LB or how to send list of all persist sessions from LB to tomcat instances. 
We know that we are able to collect those information using 
"show ltm persistence persist-records virtual Virtual-Server-ID all-properties"
but this approach require console access and it doesn't fulfill our expectations. 
Would you please suggest other solution? &nbsp;
Kind Regards, 
Filip&nbsp;

nitass · Answer

I wonder whether it is possible to achieve such functionality using LB or how to send list of all persist sessions from LB to tomcat instances. We know that we are able to collect those information using "show ltm persistence persist-records virtual Virtual-Server-ID all-properties" but this approach require console access and it doesn't fulfill our expectations. Would you please suggest other solution?

can we just persist based on user login? so, server will decide what to do when user logs in from multiple locations.

sol7392: Overview of universal persistence

http://support.f5.com/kb/en-us/solutions/public/7000/300/sol7392.html

can we just persist based on user login? so, server will decide what to do when user logs in from multiple locations.&nbsp;
sol7392: Overview of universal persistence&nbsp;
http://support.f5.com/kb/en-us/solutions/public/7000/300/sol7392.html&nbsp;

fpaj_137139 · Answer

Hi Nitass,&nbsp;

can we just persist based on user login? so, server will decide what to do when user logs in from multiple locations.&nbsp;

I think that's the problem. We don't know login at the beginning at the moment when session is assigned to the specific node. We have to parse login from POST request based on certain URI. We have to create some kind of container for login and decide what to do if it occurs that login exist in our container. I thought about array but LTM initialize array on every new connection therefore we won't know its content across multiple connections.&nbsp;
There is another issue. I thnik that we can not use CLIENT_ACCEPTED event because we don't know login at the beginning. The event fires when user establish TCP connection and we get persist session based on JSessionID. Any input will be appreciated &nbsp;

fpaj_137139 · Answer

And yet one more issue - even if we get the list of active sessions and we know that we have to terminate one - how to do this? It is easy to terminate session that has just started and that triggered this event but how to terminate another based on data from new one?

nitass · Answer

I thought about array but LTM initialize array on every new connection therefore we won't know its content across multiple connections.&nbsp;

you can use table command. it is available across connection.&nbsp;
v10.1 - The table Command - The Basics by Spark&nbsp;
https://devcentral.f5.com/articles/v101-the-table-command-the-basics.UoIjfW2jYdU&nbsp;

even if we get the list of active sessions and we know that we have to terminate one - how to do this? It is easy to terminate session that has just started and that triggered this event but how to terminate another based on data from new one?&nbsp;

would it be possible if we send sideband connection to server to terminate another session (e.g. remove that session from server)?&nbsp;
v11 iRules: Intro to Sideband Connections by Colin Walker&nbsp;
https://devcentral.f5.com/articles/v11-irules-intro-to-sideband-connections.UoIksG2jYdU&nbsp;

Forum Discussion

Multisession among Tomcat servers and its synchornization

4 Replies

Recent Discussions

minimum tmos software version for connect CIS (openshift)

security patch release

redirect not working

RECOVER ALL YOUR LOST CRYPTOCURRENCY WITH THE HELP OF CAPTAIN WEBGENESIS.

VPN fragmented IP packets dropped

Related Content

F5 Distributed Cloud Origin Server Subset Rules

Server Profile SNI

Check a Virtual Server's SSL Status

Virtual Server graphical App for F5 LTM

iRule based RADIUS Server Stack