yes, the request is maintained, and sorry to say, session replication will not help you, cause right now we are not transferring notes (the state of login) across. My suggestion would be to use basic authentication instead if your requests jump from server to server.
Filip ----- Original Message ----- From: "senthilnathan thiagarajan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 16, 2004 8:25 AM Subject: Tomcat non-sticky load balancing Hai, We have an use case where each web request will be served by any one server from a cluster of tomcat servers (non-sticky load balancing). Session replication is not done as we maintain nothing in the session. The following are the steps involved in form-based-login in Tomcat 5.16 Client Server Request for an un autheticated resource a.jsp ----------------------------------------------------------------------------------------------------> Req 1 Redirect to login -page <------------------------------------------------------------------------------------------------------- Request for j_security_check ------------------------------------------------------------------------------------------------------> Req 2 Authentication passed <------------------------------------------------------------------------------------------------------- Redirect to a.jsp (Getting reauthenticated & register the session if Single Sign on enabled ) ------------------------------------------------------------------------------------------------------> Req 3 I think there is some state maintained by tomcat across these three requests. Therefore these three request needs to be processed by the same server for authentication to be successful. Please let us know the following things 1. Why is state maintained across the 3 requests. Can it be avoided. 2. How can we achieve non sticky load balancing with tomcat without doing session replication. Regards Senthil --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]