I wasn't on the apache team, unfortunately. They gave me a set of requirements at functionality they were pulling out and I took it from there. The biggest thing for me was supporting persistence for clients with or without cookies enabled. For those with cookies enabled, we did a simple cookie insert. For those that didn't, we extracted the jsessionID and stored that and the server IP in the session table. When a request came in, if the inserted cookie was not present, we'd look for the jsession in the URI and then use the host from the session table to map the request accordingly. The logic left in Apache on those apps was whether or not the request was ssl or not since at the time we weren't offloading SSL on the front-tier LTM.