tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk de Kok <>
Subject why is Principal not serialized for clustering replication of ses sion?
Date Tue, 16 Aug 2005 16:42:31 GMT
hi all,

we are having a problem with our Tomcat 5.5.9 cluster. We run 2 Tomcat
instances on physically different machines. For security we use normal
container managed security, configured in the web.xml. Session replication
works fine, and session id's are same across the two instances. We only have
trouble with the authentication. 

For instance, if you are logged in on instance1, if in case of error the
load balancer redirects subsequent request to instance2, you have to login
again. Turning on Single Signon did not help. 

Browsing through the Tomcat source code I noticed that very explicit the
security Principal is not saved in a serialized session. Has anybody an idea
why this is not done? What way would we be able to let the security
information propagate throughout the cluster?

- OS: RH 4
 - App server: Tomcat 5.5.9
- Session replication: in-memory, pooled
- Load balancing via hardware load balancer (Cisco) with sticky sessions



- Lost Boys creates and delivers internet & mobile solutions -
Dirk de Kok | Java Specialist
Lost Boys B.V. | Joop Geesinkweg 209 | 1096 AV Amsterdam The Netherlands |
Tel: +31 20 4604500 | Fax: +31 20 4604501 | | 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message