-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Rainer,
On 3/13/15 12:15 PM, Rainer Jung wrote: > Am 13.03.2015 um 16:28 schrieb Christopher Schultz: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 >> >> Mark, >> >> On 3/12/15 1:13 PM, Mark Thomas wrote: >>> On 12/03/2015 15:20, Sascha Skorupa wrote: >>>> Hi, >>>> >>>> here: >>>> >>>> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication >>>> >>>> >>>> >>>> >> >>>> the same problem is described and the recommended solution is to use >> sticky load balancing. But, the problem in a tomcat cluster is >> that the session ID is generated after a successful >> authentication. The first http response (401 with Authentication >> Header) does not contain a session ID. >>>> >>>> How should sticky load balancing be configured or how to >>>> enforce session id generation before authentication? >>> >>> Most load-balancers have various options for doing this that >>> don't depend on the back-end server at all. >> >> Perhaps an option in Tomcat that will force the creation of a >> session when a DIGEST authentication is requested might be >> useful. This would tie e.g. mod_jk to the proper back-end >> server. >> >> I'm not sure how this could be done using mod_jk without such a >> feature, or changes to mod_jk itself to annotate the request with >> the chosen worker, which could then be converted into a cookie in >> order to keep the node-hint associated with the client. > > Yes, mod_jk can help since version 1.2.38: Look for > "set_session_cookie" on > http://tomcat.apache.org/connectors-doc/reference/workers.html. > Using that attribute you can let mod_jk set the cookie, if it > doesn't find one already set by Tomcat. You need to also set > "session_cookie=JSESSIONID" and "session_cookie_path=/myapp" where > you adjust myapp to your context path. Oh, good: I had missed that feature. Thanks for pointing it out! - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVAytTAAoJEBzwKT+lPKRYO9EP/1NnmcKmXYwYYvtnb97dMZmz NI7GIaZYDhx1NLb7w5UFDrPNhaAvBDSvzmNxnhZPfdPcwUK93k95+KVymrpI49xh wJ7wbBlFPJcB6coK35jwp0oZnfKbUyHFZ6Qr/r4fbrd57PDqCKGLc/6YicY11nm+ 3EGCYHKe/B2orPNJvw+B5ZCm4cJFwh/VWespkAylCWbqJV1k882zG4MJEwZWgXdn FBLggaCW1N5V6LNAhKiwyrrZrcV9TY3zoMI4Dd8M8yzq8MoTbUK2g2sYZh0LNm0d 0ZbcE07uBUgO5NamNk049vSK+yx0gfHmnL1Gst/jdQ23I8876cTYNCkJKyb0/uDq x5nv2K+dYj1rDeak3j4PS35W+Z6C/SCyp8n3W2L16xtLYtDRQTYv4OTOv1oVTuA2 UueFMwnqRoJV24nLathp29RnjODK7shYce1JqShiAVXzyKSgAkWsu2J8V07txUjP 4v+E0LrWOGEimvHfrOYqdTmH+Ed6YEcttrYU2ddH1g2z4Hz9n+S+fsO2fQgLhY/S V6RluOXfAlg6+IFEtW7DW2PzXuQxOHfKfIX3dlBDGrJGoYNFdYY+uaZO6TPyp7qR UVO9BRA0Roxtpvn7TpJJjygjNXM7uac5MMeCJtA4KPd29PT0sxAnJv+NYpYJ1F35 XROKEh5OIpcNKOPxBoof =w+jN -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
