Re: JSESSIONID being lost
Hi Jim There may be another mis-configured server out there that produces JSESSIONID cookies with a domain-wide scope. SAP portals are a known problem. Best of luck Regards Ron - Original Message - From: Jim Goodspeed goodspeeds...@gmail.com To: users@tomcat.apache.org Sent: Wednesday, April 21, 2010 10:47 AM Subject: JSESSIONID being lost I'm hoping someone may have some insight into a difficult problem we are having. We have a situation where the JSESSIONID seems to get lost somewhere in a users transaction - the result is they get kicked back to the applications login page (no sessionid so the app thinks they haven't logged in). Our current setup is two hardware load balancers (layer 4) in front of two Apache servers (2.2.14) which sit in front of two tomcat servers (6.0.20). The hardware load balancers load balance apache and apache load balances tomcat using AJP via mod_proxy. Apache and Tomcat are running on RHEL4 32-bit. The JVM is 1.6. This issue first popped up when we moved to the above architecture - previously we had no hardware load balancers and only one apache server balancing two tomcat servers (still with AJP via mod_proxy). Initial thoughts were that it had something to do with either the 2nd apache server or the load balancers. One way we have made this better (but not fixed) was to turn off one of the tomcat servers so that requests could only go to one place - we thought that the users session was being sent to the other tomcat server even though we were using sticky sessions. This was our temporary fix until we could implement clustering, but today we found that users were still being kicked back to the login page even with only one tomcat server running. In the interim we have turned off one of the apache servers to see if that helps (so two hardware load balancers, one apache server and one tomcat server). This problem is intermittent and almost impossible to reproduce, but it does seem to happen more under heavy load. Any insight would be very much appreciated. If it would help I can post our apache and tomcat configurations. Thanks in advance. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
JSESSIONID being lost
I'm hoping someone may have some insight into a difficult problem we are having. We have a situation where the JSESSIONID seems to get lost somewhere in a users transaction - the result is they get kicked back to the applications login page (no sessionid so the app thinks they haven't logged in). Our current setup is two hardware load balancers (layer 4) in front of two Apache servers (2.2.14) which sit in front of two tomcat servers (6.0.20). The hardware load balancers load balance apache and apache load balances tomcat using AJP via mod_proxy. Apache and Tomcat are running on RHEL4 32-bit. The JVM is 1.6. This issue first popped up when we moved to the above architecture - previously we had no hardware load balancers and only one apache server balancing two tomcat servers (still with AJP via mod_proxy). Initial thoughts were that it had something to do with either the 2nd apache server or the load balancers. One way we have made this better (but not fixed) was to turn off one of the tomcat servers so that requests could only go to one place - we thought that the users session was being sent to the other tomcat server even though we were using sticky sessions. This was our temporary fix until we could implement clustering, but today we found that users were still being kicked back to the login page even with only one tomcat server running. In the interim we have turned off one of the apache servers to see if that helps (so two hardware load balancers, one apache server and one tomcat server). This problem is intermittent and almost impossible to reproduce, but it does seem to happen more under heavy load. Any insight would be very much appreciated. If it would help I can post our apache and tomcat configurations. Thanks in advance.
Re: JSESSIONID being lost
2010/4/21 Jim Goodspeed goodspeeds...@gmail.com: Our current setup is two hardware load balancers (layer 4) in front of two Apache servers (2.2.14) which sit in front of two tomcat servers (6.0.20). The hardware load balancers load balance apache and apache load balances tomcat using AJP via mod_proxy. Apache and Tomcat are running on RHEL4 32-bit. The JVM is 1.6. 1. Note that there can be https://issues.apache.org/bugzilla/show_bug.cgi?id=48345 Session does time-out shorter than setting in web.xml when PersistentManager is used. 2. Maybe implementing a javax.servlet.http.HttpSessionListener will allow you to catch the circumstances when your issue happens. Note, that if you add it to ${catalina.base}/conf/web.xml, it will be present in all the web applications deployed on your server. That is, if the session actually expires on the server. We have a situation where the JSESSIONID seems to get lost somewhere in a users transaction - the result is they get kicked back to the applications login page (no sessionid so the app thinks they haven't logged in). Do you have any evidences on what actually happens? E.g., you can iterate over request headers to see if the cookie is actually present, and what path it contains, etc. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org