A standard load balancing and session management scenario is illustrated in FIG. 1. A client computer 101 requests data provided by a resource that is made available through a group of servers 107A-C. The requested data can be available on any subset of the group of servers 107A-C. In the illustrated example, the servers provide web based resources such as web pages, images referenced by the web pages, and other content embedded in the web pages. Requests for data from the client computer 101 are initially handled by a web server 103.
The web server 103 analyzes an incoming request from the client computer 101. The request includes a uniform resource locator (URL) that identifies the requested resource, such as a web page. The web server 103 analyzes the URL and determines the documents and/or other content that is required to service the request. The requested documents and/or other content are provided by the servers 107A-C. The web server 103 forwards or generates a set of requests to the server 107A-C to obtain the documents and/or other content necessary for responding to the client's request.
Access to the servers 107A-C is controlled by a load balancing server 105. The load balancing server 105 receives requests from the web server 103 and determines which of the available servers 107A-C will provide the requested data. Once one of the servers 107A-C is selected by the load balancing server 105, then the selected server prepares a response to the data request and sets up a session between the client and the server. A session establishes a relationship between a client and a server such that a state of the session can be tracked, thereby enabling the client 101 to continue to communicate with the same server and for more complex operations to be performed, such as access to account information after a session is established through a log-in procedure.
Sessions are often established with a client 101 through the use of a cookie. A cookie is a small file stored on the client computer 101 that includes session identification information for a particular web page or web site. The cookie can include a session affinity mark with the session identifier. The session affinity mark indicates the particular server that is servicing a session so that the session information does not have to be stored by each of the servers that could possibly service a session. A client 101 that requires further data includes the session identifier and session affinity mark in its request. The load balancing server 105 uses the session affinity mark to direct the incoming request to the proper server 107A-C. However, some client security arrangements do not allow for the storage of cookies on the client computer 101 and the use of session affinity marks can become unstable and an may not be supported or otherwise available under certain circumstances.
If cookies are not allowed or supported at the client, the servers 107A-C generate a URL with the session information appended thereto or within the web page in the form <URL>;session_id[?query]. However, web pages that include embedded content that is provided by separate servers 107A-C are not supported. For example, one server 107A can provide the web page, while other servers 107B, C provide an image and table, respectively, for that web page. This results in an unstable system, because multiple servers having the same session name can have different identifiers that are not present across all of the servers 107A-C. Also, it is not possible to have mixed servers 107A-C from different application server vendors, because the session identifier creation and maintenance is application vendor specific.