On 15.01.21 15:57, juan wrote:
> Hi,
>
> We were running tomcat 8.5.57 on CentOS 7 and together with CAS SSO, we
> have multiple servers behind an AWS load balancer setup with sticky
> sessions. We encountered a weird situation where a user who logged into
> their application was presented with another user's profile after login. Has
> anyone encountered something similar to this? Both users hit the same
> tomcat server seconds apart and the user was on his personal computer and
> doesn't know the first user.

I've seen stuff like this happening when a reverse proxy was over-eager
in caching stuff that it saw. 100% of cases where I've seen this
behavior had this as a root cause.

"over-eager" might mean that Tomcat (e.g. your app) doesn't signal the
upstream proxy that the content is private, or that the upstream proxy
ignores such signals.


It's been a looooong time since I last saw it (and back then I didn't
fix it myself - just provided information like the above) so I barely
remember the key points to configure or look after. Maybe it helps
already, otherwise we'll have to wait for someone to point to the usual
suspects in the individual configurations.

Olaf
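
Added example, not part of the original message or of Tomcat: the standard way for an application to tell an upstream proxy that content is private is the `Cache-Control` response header, and this Python sketch applies a simplified version of the RFC 9111 storage rules for a shared cache to flag per-user responses that a proxy would be allowed to store. It ignores `Vary` and freshness calculation, and the function names and sample headers are constructed for illustration.

```python
# Simplified model of RFC 9111 section 3 (storing responses) for a SHARED cache.
# Status codes that are heuristically cacheable (RFC 9110 section 15.1).
HEURISTIC_STATUS = {200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, 501}

def parse_cache_control(value):
    """Return {directive: argument-or-None} with lower-cased directive names."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def shared_cache_may_store(status, req_headers, resp_headers):
    """True if a shared cache (reverse proxy, CDN) is permitted to store this."""
    req = {k.lower(): v for k, v in req_headers.items()}
    resp = {k.lower(): v for k, v in resp_headers.items()}
    cc = parse_cache_control(resp.get("cache-control"))
    if "no-store" in cc or "private" in cc:
        return False  # the application told shared caches to keep out
    if "authorization" in req and not (cc.keys() & {"public", "must-revalidate", "s-maxage"}):
        return False  # authenticated request without explicit permission
    explicit = bool(cc.keys() & {"public", "max-age", "s-maxage"}) or "expires" in resp
    return explicit or status in HEURISTIC_STATUS

def is_personalized(req_headers, resp_headers):
    """Session cookie or credentials involved: treat the response as per-user."""
    names = {k.lower() for k in req_headers} | {k.lower() for k in resp_headers}
    return bool(names & {"cookie", "authorization", "set-cookie"})

def audit(status, req_headers, resp_headers):
    """'RISK' when a per-user response may be stored by a shared cache."""
    storable = shared_cache_may_store(status, req_headers, resp_headers)
    return "RISK" if storable and is_personalized(req_headers, resp_headers) else "OK"

# Constructed sample exchanges: (label, status, request headers, response headers)
SAMPLES = [
    ("profile, no signal", 200, {"Cookie": "JSESSIONID=EXAMPLE"}, {"Content-Type": "text/html"}),
    ("profile, private", 200, {"Cookie": "JSESSIONID=EXAMPLE"}, {"Cache-Control": "private, no-store"}),
    ("login sets cookie", 200, {}, {"Set-Cookie": "JSESSIONID=EXAMPLE", "Cache-Control": "public, max-age=300"}),
    ("static asset", 200, {}, {"Cache-Control": "public, max-age=86400"}),
    ("API with credentials", 200, {"Authorization": "Bearer EXAMPLE"}, {"Content-Type": "application/json"}),
]

if __name__ == "__main__":
    for label, status, req, resp in SAMPLES:
        print(f"{audit(status, req, resp):4}  {label}")
```
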

