I have setup load balancing and clustering between two Tomcat 5.5.7 instances and Apache 2.0.50 with mod_jk. Almost everything works great. I can fail back and forth between the 2 tomcat instances with no trouble. However, I am having problems with the form based authentication. I have an index.html file which redirects the user to a secured resource. When the user hits this file through Apache, it works like normal, directing them to the login page. However, when I attempt to login I get "Invalid direct reference to form login page". When I look in the logs, I see the user is being authenticated, and the correct roles are being found. If I continually try logging in, and hitting the secure page, eventually I get in. Then, if I bounce apache, the problem starts again. If I login in the exact same manner directly against one of the tomcat instances, everything works, and I continue to the secure resource. In addition, I have found that if I stop one tomcat instance, I can login on the first try even when going through apache.
It's worth noting, once I get successfully logged in once through apache (after many tries), I can logout/in repeatedly with no problem. Once I bounce apache, the problem starts again. I think something strange is happening with the login stuff when tomcat is clustered... Maybe I'm logging into 1 tomcat successfully, but being load balanced over to the other one, and the session has not been completely replicated yet? Any one else out there have this issue, or have any ideas? Thanks in advance! |)ave
