tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rex Wang <rwo...@gmail.com>
Subject Re: what does j_security_check do in clustering?
Date Mon, 21 Sep 2009 03:26:39 GMT
2009/9/18 Mark Thomas <markt@apache.org>

> Rex Wang wrote:
> > 2009/9/17 Mark Thomas <markt@apache.org>
> >
> >> Rex Wang wrote:
> >>> Dear Tomcat,
> >>>
> >>> I meet a problem when config a web project which using the form based
> >>> security in clustering.
> >> Clustering or load-balancing? Whether or not session replication is
> >> configured between your Tomcat instance's is key.
> >>
> >
> > I guess the j_security_check is not implemented by session. so the
> session
> > replication does not work for security check, right?
>
> I thought it did - hence my question about whether you were using
> clustering or just load balancing.
>

I am using clustering, and the security checking process can not complete if
the session affinity = false.
Looks like the login name and password are posted to another node, and some
times I got a 400 error
"HTTP Status 400 - Invalid direct reference to form login page".

I just wanna know, how to do the form based security check if the session
affinity = false in clustering.

Many thanks

-Rex


>
> > So the sticky session is the precondition of tomcat clustering?
>
> No. It is strongly recommended, but it isn't required providing you set
> up your cluster appropriately.
>
> Mark
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message