Hi, In our company we have a distributed clustered application that uses session replication, single sign on and form-based authentication.
When implementing this scenario we used Jboss(clustering)+Tomcat(servlets+jsp)+Apache(load balancing). If you don't want to use stiky sessions, you're forced to make all information of a particular user session live in one node of the cluster, then tomcat is able to find it's SavedRequest Object when authenticating an user. What's natural is that Apache should be able to choose any of the cluster nodes to continue the authentication process ( once the user has been redirected to the login page), but, as SavedRequest is not Serializable it's impossible for an application server clustering implementation to replicate the SavedRequest info in the nodes of the cluster. We're working hand to hand with jboss in trying to implement this behaviour (as you can see in http://www.jboss.com/index.html?module=bb&op=viewtopic&t=89734 and http://jira.jboss.com/jira/browse/JBCLUSTER-148 ) and to allow the serializing of SavedRequest and begin Jboss specific implementation we need from Tomcat to make org.apache.catalina.authenticator.SavedRequestSerializable (implements java.io.Serializable) and as a consecuence, make javax.servlet.http.CookieSerializable too (I know, I know, I've read the disclaimer regarding JDK 1.01... but...). We've already checked that making both classes Serializable does not affect to Tomcat's behaviour and eases very much our approach to the problem in JBoss (and other Application servers that use Tomcat as servlet/jsp container). Is this possible?, Do you want us to send the proper diff files against cvs? Greets, -- Alberto Rodriguez Galdo [EMAIL PROTECTED]