tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 25737] - Realm based authentication fails in cluster
Date Wed, 24 Dec 2003 16:36:48 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25737>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25737

Realm based authentication fails in cluster

KMcTiernan@concordefs.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |



------- Additional Comments From KMcTiernan@concordefs.com  2003-12-24 16:36 -------
I am aware of the servlet spec. requirements.  That's not the issue.  The user 
logs out/in/out/in.  Session is invalidated and set to null on each log out.  
This is when the problem occurs.  There should be no session associated with the 
user at that point, but I think the Tomcat server is unaware of this.  Also, 
the failure can occur on the first access (again, no session). I'm using mod_jk 
as a load balancer, which by default is supposed to be sticky sessions (but, 
again, shouldn't be the issue, since the user is logged out).  My 
workers.properties is below, and follows  the spec. exactly for load-balanced 
workers.  Also, my logout.jsp, which is pretty standard.  Am I missing something 
here?  I think this is a bug.  Oh, and there's no info anywhere on clustered 
Tomcat with form based authentication.  I think we might be one of the first to 
try to use it?

logout.jsp:

<%
    if (request.getRemoteUser() != null)
    {
        session.invalidate();
	  session = null;
        response.sendRedirect(request.getContextPath()+"/index.jsp");
        return;
    }
%> 

workers.properties:

worker.list=worker1

# Now define the load balanced workers
# Define as many as you need depending on server load
# Duplicate the blocks below and add the "wN" to the 
# balanced_workers list
worker.w1.type=ajp13 
worker.w1.host=localhost 
worker.w1.port=8009 
worker.w1.lbfactor=50 

worker.w2.type=ajp13 
worker.w2.host=localhost 
worker.w2.port=8009 
worker.w2.lbfactor=50 

worker.w3.type=ajp13 
worker.w3.host=localhost 
worker.w3.port=8009 
worker.w3.lbfactor=50 

worker.w4.type=ajp13 
worker.w4.host=localhost 
worker.w4.port=9009 
worker.w4.lbfactor=50

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message