Prev: Next: , Up: Balancer[Contents][Index]

6.1 Sessions

Some web applications attempt to introduce state persistence into the stateless HTTP protocol, by defining sessions using various mechanisms, such as specially defined headers, cookies, etc. For such applications it is critical that all requests that belong to a single session be directed to the same server, i.e. backend. Clearly, this disrupts the balancer logic, and requires that the proxy be able to understand the backend’s notion of session.

Pound is able to detect and track sessions identified by client address, Basic authentication (user id/password), URL parameter, cookie, HTTP parameter, and HTTP header value.

Session tracking is enabled on a per-service basis by a Session section. The section must contain at least the Type directive, which specifies what type of session tracking to use, and the TTL directive, supplying session idle timeout in seconds.

Session types are case-insensitive. They are summarized in the table below:

IP

The IP session tracking type instructs pound to forward all requests from the same client IP address to the same backend server: 

Session
    Type IP
    TTL  300
End
Basic

Using this session tracking type, pound parses the Authentication header of each request. If the header is present, and specifies the ‘Basic’ authentication type, user ID is extracted from it. Requests with the same user ID are forwarded to the same backend server. 

Session
    Type Basic
    TTL  300
End
URL

This tracking scheme uses the value of URL query parameter to define a session. The parameter name is supplied using the ID directive: 

Session
    Type URL
    TTL  300
    ID   "sess"
End

In this example, sessions are identified by the ‘sess’ parameter, The request URL might look like ‘http://example.org?sess=123’.

Cookie

The Cookie tracking type use a certain cookie to identify sessions. The cookie name is given by the ID directive: 

Session
    Type Cookie
    TTL  300
    ID   "sess"
End
Header

Sessions are identified by the value of HTTP header whose name is given by the ID directive, e.g.: 

Session
    Type Header
    ID   "X-Session"
    TTL  300
End
Parm

This is the least useful scheme. Sessions are identified by HTTP parameter - a string that appears after a semicolon in the URL, such as ‘bar’ in ‘http://foo.com;bar

Session
    Type PARM
    TTL  300
End

Prev: Next: , Up: Balancer[Contents][Index]