Some web applications attempt to introduce state persistence into the stateless HTTP protocol, by defining sessions using various mechanisms, such as specially defined headers, cookies, etc. For such applications it is critical that all requests that belong to a single session be directed to the same server, i.e. backend. Clearly, this disrupts the balancer logic, and requires that the proxy be able to understand the backend’s notion of session.
Pound is able to detect and track sessions identified by
client address, Basic authentication (user id/password), URL
parameter, cookie, HTTP parameter, and HTTP header value.
Session tracking is enabled on a per-service basis by a
Session section. The section must contain at least the
Type directive, which specifies what type of session tracking
to use, and the TTL directive, supplying session idle timeout
in seconds.
Session types are case-insensitive. They are summarized in the table below:
IPThe IP session tracking type instructs pound to forward
all requests from the same client IP address to the same backend
server:
Session
Type IP
TTL 300
End
BasicUsing this session tracking type, pound parses the
Authentication header of each request. If the header is
present, and specifies the ‘Basic’ authentication type, user ID
is extracted from it. Requests with the same user ID are forwarded to
the same backend server.
Session
Type Basic
TTL 300
End
URLThis tracking scheme uses the value of URL query parameter to define
a session. The parameter name is supplied using the ID directive:
Session
Type URL
TTL 300
ID "sess"
End
In this example, sessions are identified by the ‘sess’ parameter,
The request URL might look like ‘http://example.org?sess=123’.
CookieThe Cookie tracking type use a certain cookie to identify
sessions. The cookie name is given by the ID directive:
Session
Type Cookie
TTL 300
ID "sess"
End
HeaderSessions are identified by the value of HTTP header whose name is
given by the ID directive, e.g.:
Session
Type Header
ID "X-Session"
TTL 300
End
ParmThis is the least useful scheme. Sessions are identified by HTTP
parameter - a string that appears after a semicolon in the URL, such
as ‘bar’ in ‘http://foo.com;bar’
Session
Type PARM
TTL 300
End