Re: session length when using cookies

From: Willy Tarreau <w#1wt.eu>
Date: Sat, 5 Sep 2009 19:06:19 +0200


On Thu, Sep 03, 2009 at 10:40:00AM -0700, Hank A. Paulson wrote:
> Theoretically, if you are using http (and are closing the connection after
> each request) and an app generated cookie, the tcp persistence would not
> matter or come into play - I think.

Indeed, only the cookie matters.

> Take the infamous "AOL user" case, AOL in the past, at least, used multiple
> gateways with a single user coming from different IPs during the lifetime
> of a single session. In that case, you can't use tcp connectivity tricks to
> manage sessions, you have to use cookies. Again, afaik.

It's not only AOL, it's almost everywhere you have redudant outgoing proxies. From my experience, about 5% or the internet users on a given site see their IP address change multiple times during a session, sometimes even for every hit due to round-robin proxies.

But James, I don't get the initial issue. Since the inserted cookie does not expire, what issue are you trying to workaround ? As long as the user does not close his browser, he will remain on the same server, so I don't see where you problem is.

Regards,
Willy Received on 2009/09/05 19:06

This archive was generated by hypermail 2.2.0 : 2009/09/05 19:15 CEST