I am experiencing a problem using software load balancer distributor (using round robin) to two Tomcat 4.1.24 instances running on the same machine. I am using the tomcat-replication.jar for in memory session replication. The context using session replication is also using a security-realm with form authentication. When the initial http request comes into server1, security constraint forces browser to my custom login form page. The submit of form(POST of j_security_check) then hits the server2. User authentication is successful, however server2 doesn't have the original http request. So he doesn't know the original URL to redirect to. This appears to happen b/c Tomcat places the original httprequest into the notes collection of the catalina session object. The notes collection doesn't appear to be replicated between servers. So, the second server doesn't have the original url. It looks like the principal gets replicated, along with all session attributes. So, the problem only happens at login. Meaning once the user is authenticated and redirected by the same server, I can switch servers successfully. From further testing, it looks like the same situation exists in Tomcat 5 with clustering code. I am wondering is this a known issue or if it should be considered an issue. Any configuration fixes or workarounds would be helpful. Thanks for your time!
--------------------------------- Do you Yahoo!? Yahoo! Search - Find what you�re looking for faster.
