Dear Tomcat devs, I meet a problem when config a web project which using the form based security in clustering.
When I set session affinity = true in my front http server, the security check was done in single node, there is no problem with that. But if I set affinity = false, the requests from the security check process are sent to 2 nodes, and it is really strange.. eg: 1. From index.html(NodeA), try to access protected resouce 2. Go to the logon.html(NodeB), I input the id/passwd, and then submit 3. The request looks like sent to NodeA, but did not do any check operation. Does that work as design? that is, if I wanna use form check security, my cluster must be session affinity? Thanks in advance! -Rex
