Multisession among Tomcat servers and its synchornization
Hello everyone,
me and my coleague are new users of our first F5 LTM and we are also new to this forum. We have support for this device but so far we have no answer since last week and project should move forward...
Anyway, we've encountered simultaneous login issue.
Introduction:
We're using bigip to load balance java based web apps. It does load balancing based on jsessionid for java apps deployed on tomcat. We can say that we deployed standard environment with BIG-IP, Tomcat, Apache and persist sessions
- We run one port on our tomcat instances (8080)
- we allow only for https "secure" traffic. Bigip handles the https offload. Http "unsecure" requests are redirect to https
- We use oneconnect
- We parse certain POST request and insert user login and organization_unit into jsesssionID cookie
Issue description:
How it works without LB: User is logging into application. Tomcat instance "combine" new session with login. The general idea is to prevent simultaneous user login. In case when user is trying to log into from another "machine" and Tomcat detect that login is connected with another session user can decide what to do: log in and close old session or resign.
Issue with LB:
Tomcat instances haven't common sessions pool. Instances work independently. Clustering or session replication hasn't been configured.
I wonder whether it is possible to achieve such functionality using LB or how to send list of all persist sessions from LB to tomcat instances. We know that we are able to collect those information using "show ltm persistence persist-records virtual Virtual-Server-ID all-properties" but this approach require console access and it doesn't fulfill our expectations. Would you please suggest other solution?
Kind Regards, Filip