I'm hoping someone may have some insight into a difficult problem we are having. We have a situation where the JSESSIONID seems to get lost somewhere in a users transaction - the result is they get kicked back to the applications login page (no sessionid so the app thinks they haven't logged in).
Our current setup is two hardware load balancers (layer 4) in front of two Apache servers (2.2.14) which sit in front of two tomcat servers (6.0.20). The hardware load balancers load balance apache and apache load balances tomcat using AJP via mod_proxy. Apache and Tomcat are running on RHEL4 32-bit. The JVM is 1.6. This issue first popped up when we moved to the above architecture - previously we had no hardware load balancers and only one apache server balancing two tomcat servers (still with AJP via mod_proxy). Initial thoughts were that it had something to do with either the 2nd apache server or the load balancers. One way we have made this better (but not fixed) was to turn off one of the tomcat servers so that requests could only go to one place - we thought that the users session was being sent to the other tomcat server even though we were using sticky sessions. This was our temporary fix until we could implement clustering, but today we found that users were still being kicked back to the login page even with only one tomcat server running. In the interim we have turned off one of the apache servers to see if that helps (so two hardware load balancers, one apache server and one tomcat server). This problem is intermittent and almost impossible to reproduce, but it does seem to happen more under heavy load. Any insight would be very much appreciated. If it would help I can post our apache and tomcat configurations. Thanks in advance.
