-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Uwe,
On 11/25/11 7:43 AM, uwe.hellm...@t-systems.com wrote: > We have a Loadbalancer which roundrobin addresses 2 Apache 2.2. > which passes their requests via mod_proxy balancer to 2 tomcat > 5.5.26 servers which are configured identical and have also > clustering enabled. The application is located only on the > tomcats. Are you using HTTP or AJP? From your description, it's probably HTTP but it's worth asking. Are you able to test/reproduce without the lb or a second Tomcat in the mix? I'm sure this is a rare occurrence, so reproducing might not be easy. If you have a test bed environment that is identical to production (you do have one, right?), can you load it down and observe intermittent failures like this? If so, try hitting a single Tomcat directly and see if the problem disappears. > So what we have is a redirected response from a failed login > process. As example we have an login mask and while tryinig to > login we put the username "Tester" in the username inputfield send > the form away and get a login error message and the following URL > string: http://mytestsystem/login.action?login_error=1&u=Tester In > the input field the value Tester is still set. > > This result is as expected, but from time to time we saw the > following URL string returned > http://mytestsystem/login.action?login_error=1&u=OtherUser although > we sent the form with Tester as value away. But now in the input > field it is also OtherUser set. Have you reviewed the code in your test? Sometimes the tests are flawed. :( > We have checked Loadbalancer rewrites(possible Proxywrites) and > fount nothing. The behaviour seem to appear if we have much load on > these systems. Does anybody have any idea where I should start my > investigation. I would assume the application does have a problem > with session handling or a corruptable redirection method but the > developer told us everything is fine. Of course the developer told you that the software is bulletproof. :) Can you post your <Connector> elements from your server.xml (minus anything that might be considered sensitive, of course), and let us know if you are using APR (aka "native") with Tomcat. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7PpxcACgkQ9CaO5/Lv0PCuigCgl0CL4wzLoe616M4NBPBVKm6i jnIAn0q2Y8G8D1PYqAEeSB3VojOfMgms =Th2F -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org