Yes my environment is a clustered one. Thanks Rainer for the quick response, this was really helpful.
On Mon, Jul 23, 2012 at 3:40 PM, Rainer Jung <rainer.j...@kippdata.de>wrote: > > > It seems you are doing clustering? > > The cluster needs to be able to serialize sessions in order to replicate > them over the network. The message indicates, that the sesison attribute > org.apache.catalina.filters.**CSRF_NONCE used by the CSRF filter is not > serializable. > > You might > > - open an issue in the Tomcat bugzilla in order to get that fixed or > documented (cluster compatibility of the filter) > > - disable replication for that special attribute. This might limit your > ability to actual fail over in the cluster, but maybe you would need to > attribute in the session only for special use cases. > > To disable replication of the attribute "org.apache.catalina.filters.** > CSRF_NONCE": > > Since 7.0.22 and 6.0.34 you can configure, which session attributes you > want to distribute via a regular expression matched against the > attribute names. By default all attributes are replicated (and thus must > be serializable). > > See "sessionAttributeFilter" in > > http://tomcat.apache.org/**tomcat-7.0-doc/config/cluster-** > manager.html#Common_Attributes<http://tomcat.apache.org/tomcat-7.0-doc/config/cluster-manager.html#Common_Attributes> > > Regards, > > Rainer > > > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: > users-unsubscribe@tomcat.**apache.org<users-unsubscr...@tomcat.apache.org> > For additional commands, e-mail: users-h...@tomcat.apache.org > >