[Standards] BOSH with HTTP load balancers

[Ian Paterson]

Bill Bishop pointed out off-list that BOSH (XEP-0124) currently does not 
enable off-the-shelf (hardware) HTTP load balancers to be used. Such 
load balancers know about 'Set-Cookie' and 'Cookie' HTTP headers, but 
not about BOSH 'sid' attributes.

A small optional addition to the protocol will allow the "Cookie Passive 
Sticky" or "Cookie Insert Sticky" modes of hardware load balancers to be 
employed to distribute a connection manager's load amoungst a cluster of 
machines. I propose adding something like the following two paragraphs 
to XEP-0124:

"Some connection managers may choose to employ "off-the-shelf" "sticky 
session" HTTP load balancers. To enable such load balancing, a 
connection manager MAY include a "real server ID" value in an HTTP 
"Set-Cookie" header (see RFC 2965) in its Session Creation Response. The 
value MAY be the same as the 'sid' attribute of the <body/> element of 
the response. If a client receives a "Set-Cookie" header from the 
connection manager then it SHOULD treat the value as opaque, and set the 
value of the HTTP "Cookie" header of all its subsequent HTTP requests 
during the session to the value it received in the "Set-Cookie" header. 
If a connection manager receives a Session Creation Request that 
includes a "Cookie" header then it SHOULD ignore the value of the cookie."

"Note that clients running in restricted environments may not be able to 
read and/or set HTTP cookies, worse, some platforms or network 
components remove cookie-related headers. A connection manager SHOULD 
NOT rely on a client being able to return a cookie with each request."

Thoughts?

- Ian