Memcached Tomcat Session Manager

Submitted by ian on Thu, 09/24/2009 - 11:20

I want to build a horizontally scaled, highly available, fault tolerant web application. I have an application that is all of these, to a certain degree. The main thing that's holding it back from completely satisfying these requirements is the fact that sessions are stored locally, so when a node goes down (crash or deployment), the session is lost. A typical solution for this problem is to store the sessions in a database. This is great, but adds considerable load on the database (constantly reading and writing sessions) - not good if you want to keep your application snappy.

I found a great solution to this problem here: http://code.google.com/p/memcached-session-manager/. Here's what it does:

* In the normal case, sessions are stored and read locally in Tomcat. This is fast, simple, what most people do, and what is done be default.
* In addition, sessions are stored in a memcached server (this can be done asynchronously).
* When a node (servlet instance) goes down, client requests are routed to another node. That node does not find the session in its default memory store, so it gets the session from the memcached server and then stores it locally.
* Memcached node failure is also implemented.

This is all implemented as a Tomcat Manager and Valve.

Okay, so why not just use this code? Well, there are a couple things that I want that is does not provide.

The first missing piece is the ability to add new memcached nodes to an already deployed webapp node. Let me explain. memcached-session-manager refers to memcached nodes by a name that is associated with a hostname and port of a memcached node (kind of like DNS mapping common names to IP addresses). This is fine as long as each webapp node knows about each memcached node at startup. But what if I add more webapp nodes to the webapp pool and more memcached nodes. Then there will be a webapp node (that has already been deployed) that does not know about a running memcached node. So if a client request failed over from a newly deployed node to an older node, the older node would not know how to find the memcached server to get the persisted session. In a nutshell, the memcached hostname and port need to be encoded in the session to avoid this problem.

The other missing piece (and much less important) is that I want to set the cookie domain for session cookies (for some reason (standards, I'm sure) Tomcat does not provide this out of the box).

Powered by Drupal, an open source content management system

Navigation