tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Weffen Cheung <>
Subject Re: tomcat session problem
Date Wed, 11 Jan 2012 18:21:44 GMT

First Thanks for your reply, Dan.

1. Yes,  I am using apache2+mod_proxy in front of the two tomcats, here are the configuration
in httpd.conf:

	ProxyPass /images/ !
        ProxyPass /css/ !
        ProxyPass /js/ !
        ProxyPass /photo/ !
        ProxyPass /icon/ !
        ProxyPass /pg/ !
        ProxyPass /job/ !
        ProxyPass /maintenance/ !
        ProxyRequests Off

        <Proxy balancer://cluster/>
                BalancerMember ajp://localhost:8009/ route=tomcat loadfactor=1
                BalancerMember ajp://localhost:8010/ route=tomcat2 loadfactor=1
        ProxyPass / balancer://cluster/ stickysession=JSESSIONID nofailover=On
        ProxyPassReverse / balancer://cluster/

2. I am not sure that whether the problem occurs on the same tomcat, because I have no any
idea to confirm that. Could you give me any tips to find it out?  This problem occurs occasionally,
and I really don't know whether it is because of the session duplication or tomcat session
manager itself.

3. But one thing I am sure is that the two users use different PC to login,  which means that
cookie is not the reason at all.

Any fellows have such a problem? This problem is so bad that it has dried me and my visitors
crazy, which is a big security problem!

Any advice is high appreciated!

Thanks in advance!


在 2012-1-11,下午9:52, Daniel Mikusa 写道:

> On Wed, 2012-01-11 at 02:29 -0800, Weffen Cheung wrote:
>> Hello,
>> I am using 2 tomcat(7.0.11) on my server, with clustering and session duplication.
All the things are running smoothy except the session problem sometimes:
>> 1. userA login, userB login
> Are userA and userB on the same TC instance?
>> 2. Sometimes when userB load a page, he found that he has became userA, it means
that userB's login session data has been replaced with userA. Don't know why. Is it a bug?

> In most cases this occurs due to a session, request or response object
> being retained by a servlet.  This is bad and can cause behaviors
> similar to the one you are reporting.
>> Anyone encounter  the same problem??
>> Any advice would be high appreciated!
> One other thought, what do you have in front of the two TC instances?
> Apache HTTPD with mod_proxy? or with mod_jk?
> Have you confirmed that the correct session id is being sent from the
> browser to your load balancer and then from the load balancer to your TC
> instance?
> Dan

Weffen Cheung
M: 13802222618

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message