Hi Gilles

I restart a conversatoion as a question to clarify the situation :

I followed your recommendation to configure static cookie entries in each sticky group, but I still experience the problem of sessions getting re-load balanced to the second server when returning from HTTPS to HTTP :

It seems that the ACE ignores the static entries !

To make my question clear, I repeat hereafter the setup and the encountered problem :

Here is the setup :

• An ACE load balance user requests on two Apache servers
• cookie-insert is used to stick a user on one Apache server
• The home page is accessed via http on port 80
• On the Home page, there is a link to allowing the user to login
• The login process uses SSL
• During the login, backend SSL is required between the ACE and the selected Apache server
• The login is a POST request to the Apache server
• After a successful login, the home page is reloaded on port 80 and the name of the user should appear on the top of the page
  

The ACE configuration :

• Two sticky groups are configured : one for HTTP acess and another for HTTPS access
• Two server farms are defined, both using the same real servers, but with different ports (80 and 443)
• In the ECOM_STICKY_TEST_HTTP stick group the two following cookies are automatically generated :
  • R105816849   for the server HQCHECOM01
    
  • R105852786   for the server HQCHECOM02
• In the ECOM_STICKY_TEST_HTTPS stick group the two following cookies are automatically generated :
  • R355972695   for the server HQCHECOM01
    
  • R357158616   for the server HQCHECOM02
    
• I statically configured in the each sticky group the cookies used by the other sticky group, to allow stickiness when the browser switches from HTTP to HTTPS and vice versa :

sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTP
  cookie insert browser-expire
  timeout 240
  replicate sticky
  serverfarm ECOM_FARM_TEST_HTTP backup WEB_REDIRECT_001
  56 static cookie-value "R355972695" rserver HQCHECOM01
  64 static cookie-value "R357158616" rserver HQCHECOM02

sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTPS
  cookie insert browser-expire
  timeout 240
  replicate sticky
  serverfarm ECOM_FARM_TEST_HTTPS backup WEB_REDIRECT_001
  72 static cookie-value "R105816849" rserver HQCHECOM01
  80 static cookie-value "R105852786" rserver HQCHECOM02

serverfarm host ECOM_FARM_TEST_HTTP
  description *** e-Commerce Test Server Farm ***
  probe ECOM_PROBE_TEST
  rserver HQCHECOM01 80
   inservice
  rserver HQCHECOM02 80
   inservice
    

serverfarm host ECOM_FARM_TEST_HTTPS
  description *** e-Commerce Test Server Farm ***
  probe ECOM_PROBE_TEST
  rserver HQCHECOM01 443
   inservice
  rserver HQCHECOM02 443
   inservice

The problem :

Let analyse the sequence of events and the value of the http cookie for each of them :

• When the the home page is originally loaded, the ACE selects SERVER-1
  
• The ACE inserts the cookie "A" in the server responses
• The user is sticked to SERVER-1
  
• Then, the user tries to login and an SSL session is established with the ACE
• The user sends a POST request containing the cookie "A"
• A backend SSL session is established with SERVER-1
• The POST request is forwarded to SERVER-1
• SERVER-1 responds with a 200 OK and the ACE generates another cookie "B" as it belongs to the sticky group ECOM_STICKY_TEST_HTTPS
• The client browser reloads the page on port 80 and provides the cookie "B" (the last received)
  
• The ACE sees the cookie "B" and should use the static cookie entry to select the SERVER-1
• But instead, the ACE perform another load balancing decision and selects SERVER-2 !
  
• The page is reloaded, but the name of the user does not appear on it

LiveHTTP Trace on Firefox :

GET /ecom/medias/sys_master/8800775602206/Home-page-main-banners-video.jpg HTTP/1.1
Host: ecom.test.toto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://ecom.test.toto.com/uk/en/home
Cookie: STICKED-TO=R105816849;

HTTP/1.1 200 OK
Set-Cookie: STICKED-TO=R105816849; path=/
Date: Mon, 18 Oct 2010 15:31:37 GMT
Server: Apache/2.2.13 (Red Hat)
Connection: close
Transfer-Encoding: chunked
Content-Type: image/jpeg

Here we switch on HTTPS :

----------------------------------------------------------
https://ecom.test.toto.com/uk/en/j_spring_security_check

POST /uk/en/j_spring_security_check HTTP/1.1
Host: ecom.test.toto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://ecom.test.toto.com/uk/en/home
Cookie: STICKED-TO=R105816849; JSESSIONID=089DCF987DC03CAE0F516298EB886DAB.node1;
Content-Type: application/x-www-form-urlencoded
Content-Length: 75
spring-security-redirect=&j_username=yves144%40yahoo.com&j_password=junon01

Here we see cookie for the same server but for the HTTPS sticky group :

HTTP/1.1 302 Moved Temporarily
Set-Cookie: STICKED-TO=R355972695; path=/
Set-Cookie: _hybris.tenantID_=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly
Date: Mon, 18 Oct 2010 15:31:39 GMT
Server: Apache/2.2.13 (Red Hat)
Location: http://ecom.test.toto.com/uk/en/home
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Here we switch back to HTTP :

----------------------------------------------------------
http://ecom.test.toto.com/uk/en/home

GET /uk/en/home HTTP/1.1
Host: ecom.test.toto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://ecom.test.toto.com/uk/en/home
Cookie: STICKED-TO=R355972695; JSESSIONID=089DCF987DC03CAE0F516298EB886DAB.node1;
                  
Here we see that the second server has been wrongly selected !

HTTP/1.1 200 OK
Set-Cookie: STICKED-TO=R105852786; path=/
Set-Cookie: _hybris.tenantID_=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly
Set-Cookie: JSESSIONID=5A0F6EB8FBF63D5D0590FECEC62A302E.node2; Path=/; HttpOnly
Date: Mon, 18 Oct 2010 15:31:40 GMT
Server: Apache/2.2.13 (Red Hat)
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Content-Language: en-GB
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=UTF-8

----------------------------------------------------------
http://ecom.test.toto.com/ecom/medias/sys_master/8796174057502/uk.gif

GET /ecom/medias/sys_master/8796174057502/uk.gif HTTP/1.1
Host: ecom.test.toto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://ecom.test.toto.com/uk/en/home
Cookie: STICKED-TO=R105852786; JSESSIONID=5A0F6EB8FBF63D5D0590FECEC62A302E.node2;

HTTP/1.1 200 OK
Set-Cookie: STICKED-TO=R105852786; path=/
Date: Mon, 18 Oct 2010 15:31:40 GMT
Server: Apache/2.2.13 (Red Hat)
Content-Length: 382
Connection: close
Content-Type: image/gif

Hypothesis :

It seems that the static entries are not considered by the ACE...