| Ken Hygh 2007-11-23, 1:24 pm |
| Paul Ilechko wrote:
> Sven Vermeulen wrote:
>
>
> The cloneid has nothing at all to do with the uniqueness of the
> JSESSIONID. It is purely used for routing requests to a particular
> server where the Session is more likely to be in memory, and less likely
> to require recall from persistent storage. A non-unique session id would
> still be non-unique with a different clone-id.
>
> You're right that it's a matter of probability, but so is everything
> that depends on UUIDs of any type. Based on my discussions with WAS
> development, the probability of duplicate Session IDs occurring at a
> single site is infinitesimally small, unless there is a bug (there was
> at one time, long since fixed, and it was quite arcane).
Sven,
One other piece of evidence: if JSESSIONID was not unique across the
entire cell, then failover would be broken. If the original server went
down, the plugin reroutes to a different server with an identical
JSESSIONID, and one user starts seeing another user's data.
Ken
|