tomcat的session问题
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了tomcat的session问题相关的知识,希望对你有一定的参考价值。
记录客户端操作我们一般使用cookie进行客户身份识别,session存储客户端的信息,session保存在服务器端。当我们负载均衡服务后,客户端请求定位到另外一台服务器,session信息在另外一台服务器上,为保证我们可以记录客户端进行的操作,我们一般有三种解决方式
第一种,session绑定,希望同一客户端的请求发往同一服务器,这样会破坏负载均衡效果。这种解决方法虽然有缺陷但是也是一种解决方法。
第二种,session cluster,构建一个session保存集群,提供同类型服务的服务器都把session共享,每个服务器一份。
第三种,session server,准备一个服务器保存session,然后其他服务器都到session服务器上取。
接下来,分布介绍他们怎么实现
环境准备
准备三台主机,他们之间的关系图如图1.1
图1.1
TomcatA的安装脚本
yum install tomcat tomcat-webapps tomcat-lib tomcat-admin-webapps mkdir -pv /var/lib/tomcat/webapps/test/WEB-INF/{classes,lib} cat > /var/lib/tomcat/webapps/test/index.jsp <<eof <%@ page language="java" %> <html> <head><title>TomcatA</title></head> <body> <h1><font color="red">TomcatA.magedu.com</font></h1> <table align="centre" border="1"> <tr> <td>Session ID</td> <% session.setAttribute("magedu.com","magedu.com"); %> <td><%= session.getId() %></td> </tr> <tr> <td>Created on</td> <td><%= session.getCreationTime() %></td> </tr> </table> </body> </html> eof
还要配置Tomcat
vim /etc/tomcat/server.xml #在host配置段中添加如下一行 <Context path="/test" appBase="/var/lib/tomcat/webapps/test/" reloadable="true"/> #更改这一行 <Engine name="Catalina" defaultHost="localhost" jvmRoute="TomcatA">
TomcatB的安装脚本
yum install tomcat tomcat-webapps tomcat-lib tomcat-admin-webapps mkdir -pv /var/lib/tomcat/webapps/test/WEB-INF/{classes,lib} cat > /var/lib/tomcat/webapps/test/index.jsp <<eof <%@ page language="java" %> <html> <head><title>TomcatB</title></head> <body> <h1><font color="blue">TomcatB.magedu.com</font></h1> <table align="centre" border="1"> <tr> <td>Session ID</td> <% session.setAttribute("magedu.com","magedu.com"); %> <td><%= session.getId() %></td> </tr> <tr> <td>Created on</td> <td><%= session.getCreationTime() %></td> </tr> </table> </body> </html> eof
还要配置Tomcat
vim /etc/tomcat/server.xml #在host配置段中添加如下一行 <Context path="/test" appBase="/var/lib/tomcat/webapps/test/" reloadable="true"/> #更改这一行 <Engine name="Catalina" defaultHost="localhost" jvmRoute="TomcatB">
session绑定的实现方法
session绑定的实现方法有三种,
第一种
使用nginx的做反向代理,添加如下内容就可
vim /etc/nginx/nginx.conf #在http配置段中添加一个 upstream tomcat { server 172.16.29.10:8080; server 172.16.29.20:8080; ip_hash; } #在这个location调用upstream定义的负载均衡的两个服务器 location / { proxy_pass http://tomcat; }
第二种
使用http的http反向代理模块,这里的会话绑定使用的是cookie
vim /etc/httpd/conf.d/tc.conf Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e;path=/" env=BALANCER_ROUTE_CHANGED <Proxy balancer://tomcat> BalancerMember http://172.16.29.10:8080 route=TomcatA loadfactor=1 BalancerMember http://172.16.29.20:8080 route=TomcatB loadfactor=1 ProxySet lbmethod=byrequests ProxySet stickysession=ROUTEID </Proxy> <VirtualHost *:80> ServerName tc ProxyRequests Off ProxyVia On ProxyPreserveHost On <Proxy *> Require all granted </Proxy> ProxyPass / balancer://tomcat:8080/ ProxyPassReverse / balancer://tomcat:8080/ <Location /> Require all granted </Location> </VirtualHost>
第三种,使用http的ajp反向代理模块
vim /etc/httpd/conf.d/tc.conf Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e;path=/" env=BALANCER_ROUTE_CHANGED <Proxy balancer://tomcat> BalancerMember ajp://172.16.29.10:8009 route=TomcatA loadfactor=1 BalancerMember ajp://172.16.29.20:8009 route=TomcatB loadfactor=1 ProxySet lbmethod=byrequests ProxySet stickysession=ROUTEID </Proxy> <VirtualHost *:80> ServerName tc ProxyRequests Off ProxyVia On ProxyPreserveHost On <Proxy *> Require all granted </Proxy> ProxyPass / balancer://tomcat/ ProxyPassReverse / balancer://tomcat/ <Location /> Require all granted </Location> </VirtualHost>
网页管理工具
vim /etc/httpd/conf.d/balancer.conf <Location /balancer-manager> SetHandler balancer-manager ProxyPass ! Require all granted </Location>
然后访问172.16.29.2/balancer-manager
session cluster的实现
实现session cluster使用的是,tomcat自带的cluster工具
在TomcatA的配置
vim /etc/tomcat/server.xml # 在Engine字段中添加如下内容 <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster" channelSendOptions="8"> <Manager className="org.apache.catalina.ha.session.DeltaManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true"/> <Channel className="org.apache.catalina.tribes.group.GroupChannel"> <Membership className="org.apache.catalina.tribes.membership.McastService" address="228.0.120.14" port="45564" frequency="500" dropTime="3000"/> <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver" address="172.16.29.10" port="4000" autoBind="100" selectorTimeout="5000" maxThreads="6"/> <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/> </Sender> <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/> <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/> </Channel> <Valve className="org.apache.catalina.ha.tcp.ReplicationValve" filter=""/> <Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/> <Deployer className="org.apache.catalina.ha.deploy.FarmWarDeployer" tempDir="/tmp/war-temp/" deployDir="/tmp/war-deploy/" watchDir="/tmp/war-listen/" watchEnabled="false"/> <ClusterListener className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"/> <ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/> </Cluster> vim /var/lib/tomcat/webapps/test/WEB-INF/web.xml # 在servlet字段前加如下内容 <distributable/> 在TomcatB的配置 vim /etc/tomcat/server.xml 在Engine字段中添加如下内容 <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster" channelSendOptions="8"> <Manager className="org.apache.catalina.ha.session.DeltaManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true"/> <Channel className="org.apache.catalina.tribes.group.GroupChannel"> <Membership className="org.apache.catalina.tribes.membership.McastService" address="228.0.120.14" port="45564" frequency="500" dropTime="3000"/> <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver" address="172.16.29.20" port="4000" autoBind="100" selectorTimeout="5000" maxThreads="6"/> <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/> </Sender> <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/> <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/> </Channel> <Valve className="org.apache.catalina.ha.tcp.ReplicationValve" filter=""/> <Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/> <Deployer className="org.apache.catalina.ha.deploy.FarmWarDeployer" tempDir="/tmp/war-temp/" deployDir="/tmp/war-deploy/" watchDir="/tmp/war-listen/" watchEnabled="false"/> <ClusterListener className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"/> <ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/> </Cluster>
vim /var/lib/tomcat/webapps/test/WEB-INF/web.xml # 在servlet字段前加如下内容 <distributable/>
session server的配置
这里的session server选择memcached,架构图如图1.2
图1.2
TomcatA和B的配置一样如下
vim /etc/tomcat/server.xml # 把原本的<Context>字段替换为如下的 <Context path="/test" appBase="/var/lib/tomcat/webapps/test/" reloadable="true"> <Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" memcachedNodes="n1:172.16.29.30:11211,n2:172.16.29.40:11211" failoverNodes="n1" requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$" transcoderFactoryClass="de.javakaffee.web.msm.serializer.javolution.JavolutionTranscoderFactory" /> </Context>
同时提供调用的模块,调用模块调用模块的地址如下http://down.51cto.com/data/2287135,这里的模块仅适用于Tomcat7
下载完导入/usr/share/java/tomcat/目录下就可以了
Tomcat8的把memcached-session-manager-tc7-1.8.3.jar替换为memcached-session-manager-tc8-1.8.3.jar就可以了,地址http://down.51cto.com/data/2287136
两个memcached配置
yum install memcached systemtcl start memcached
使用Nginx的做反向代理
vim /etc/nginx/nginx.conf #在http配置段中添加一个 upstream tomcat { server 172.16.29.10:8080; server 172.16.29.20:8080; } #在这个location调用upstream定义的负载均衡的两个服务器 location / { proxy_pass http://tomcat; }
本文出自 “老王linux旅程” 博客,请务必保留此出处http://oldking.blog.51cto.com/10402759/1896885
以上是关于tomcat的session问题的主要内容,如果未能解决你的问题,请参考以下文章
漏洞风险提示Tomcat Session反序列化代码执行漏洞
Redis+Tomcat+Nginx集群实现Session共享,Tomcat Session共享
使用Redis存储Nginx+Tomcat负载均衡集群的Session
漏洞预警:apache tomcat session 反序列化代码执行漏洞
C#-WebForm-★内置对象简介★Request-获取请求对象Response相应请求对象Session全局变量(私有)Cookie全局变量(私有)Application全局公共变量Vi(代码片段