Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 343330

Summary: sessionId in Browser not equals in Server
Product: [RT] Jetty Reporter: weijx <weijx2003>
Component: serverAssignee: Greg Wilkins <gregw>
Status: RESOLVED WONTFIX QA Contact:
Severity: normal    
Priority: P3 CC: jetty-inbox
Version: 7.2.2   
Target Milestone: 7.2.x   
Hardware: PC   
OS: Windows 7   
Whiteboard:

Description weijx CLA 2011-04-19 21:38:26 EDT 
Build Identifier: 

when I use jetty7.4 in cluster, I find the sessionId in Browser is not equals sessionId in Server.
sessionId in Browser is : tas1lktlh90nwcqru3sk1ev2b2z0.jetty_instance1
sessionId in server  is : tas1lktlh90nwcqru3sk1ev2b2z0

I lookup class org.eclipse.jetty.server.session.AbstractSessionManager and find method setNodeIdInSessionId. The default value of nodeIdInSessionId is false.
I think the default value is better set true.

When I use tomcat in cluster, the sessionId in Browser and in Server is the same value.

Reproducible: Always
Comment 1 Greg Wilkins CLA 2011-05-10 03:48:23 EDT 
Jetty has a flexible session ID mechanism that supports features such as session migration.

We made the design decision to keep the node ID of the session out of the session ID itself, as this allows a session to migrate without changing the session ID.   Ie the node ID is part of the cookie, but not part of the identity of the session.

Can you explain what problems this is causing you and we can review this design decision.

Note that there are intermediaries that will also adjust session cookies values with node tags.  If you were running behind such and intermediary, then the browser cookie could be different.
Comment 2 Greg Wilkins CLA 2011-05-11 22:17:34 EDT 
Wont fix for now.  Please reopen if you have a good use-case for us to consider.