tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <>
Subject Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem
Date Fri, 13 Mar 2015 16:15:03 GMT
Am 13.03.2015 um 16:28 schrieb Christopher Schultz:
> Hash: SHA256
> Mark,
> On 3/12/15 1:13 PM, Mark Thomas wrote:
>> On 12/03/2015 15:20, Sascha Skorupa wrote:
>>> Hi,
>>> here:
> the same problem is described and the recommended solution is to use
> sticky load balancing. But, the problem in a tomcat cluster is that the
> session ID is generated after a successful authentication. The first
> http response (401 with Authentication Header) does not contain a
> session ID.
>>> How should sticky load balancing be configured or how to enforce
>>> session id generation before authentication?
>> Most load-balancers have various options for doing this that don't
>> depend on the back-end server at all.
> Perhaps an option in Tomcat that will force the creation of a session
> when a DIGEST authentication is requested might be useful. This would
> tie e.g. mod_jk to the proper back-end server.
> I'm not sure how this could be done using mod_jk without such a
> feature, or changes to mod_jk itself to annotate the request with the
> chosen worker, which could then be converted into a cookie in order to
> keep the node-hint associated with the client.

Yes, mod_jk can help since version 1.2.38: Look for "set_session_cookie" 
on Using 
that attribute you can let mod_jk set the cookie, if it doesn't find one 
already set by Tomcat. You need to also set "session_cookie=JSESSIONID" 
and "session_cookie_path=/myapp" where you adjust myapp to your context 



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message