On 08/05/2013 01:43 PM, Aaron Bennett wrote: > Hi Paul -- > > Did you get any decent response from this? I was just about to compose a > similar email when I saw yours. I'm hoping I can just use an mmcache ticket > registry and let a hardware Load Balancer take care of the session stuff, but > the documentation is a little outdated and inconsistent.
We're using load balancer SSL sticky sessions in place of Tomcat sessions, and Ehcache (over RMI) for ticket replication. I hear good things about memcached. The only downside I can think of is--as I understand it--a given node will lose its cache on a restart. We chose Ehcache for its bootstrap cache loading feature: populates ST & TGT caches from peers on startup. Our systems are on well-controlled subnet, so not too concerned about the relative lack of security. If needed, I've heard one can use of SSH tunneling or VPN to send replication traffic outside of the network--that, or use something other than RMI. Tom. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
