hi all, we are having a problem with our Tomcat 5.5.9 cluster. We run 2 Tomcat instances on physically different machines. For security we use normal container managed security, configured in the web.xml. Session replication works fine, and session id's are same across the two instances. We only have trouble with the authentication.
For instance, if you are logged in on instance1, if in case of error the load balancer redirects subsequent request to instance2, you have to login again. Turning on Single Signon did not help. Browsing through the Tomcat source code I noticed that very explicit the security Principal is not saved in a serialized session. Has anybody an idea why this is not done? What way would we be able to let the security information propagate throughout the cluster? Configuration: - OS: RH 4 - App server: Tomcat 5.5.9 - Session replication: in-memory, pooled - Load balancing via hardware load balancer (Cisco) with sticky sessions tia, Dirk - Lost Boys creates and delivers internet & mobile solutions - Dirk de Kok | Java Specialist Lost Boys B.V. | Joop Geesinkweg 209 | 1096 AV Amsterdam The Netherlands | Tel: +31 20 4604500 | Fax: +31 20 4604501 | [EMAIL PROTECTED] | www.lostboys.nl --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
