Am 13.03.2015 um 16:28 schrieb Christopher Schultz:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 3/12/15 1:13 PM, Mark Thomas wrote:
On 12/03/2015 15:20, Sascha Skorupa wrote:
Hi,
here:
http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication
the same problem is described and the recommended solution is to use
sticky load balancing. But, the problem in a tomcat cluster is that the
session ID is generated after a successful authentication. The first
http response (401 with Authentication Header) does not contain a
session ID.
How should sticky load balancing be configured or how to enforce
session id generation before authentication?
Most load-balancers have various options for doing this that don't
depend on the back-end server at all.
Perhaps an option in Tomcat that will force the creation of a session
when a DIGEST authentication is requested might be useful. This would
tie e.g. mod_jk to the proper back-end server.
I'm not sure how this could be done using mod_jk without such a
feature, or changes to mod_jk itself to annotate the request with the
chosen worker, which could then be converted into a cookie in order to
keep the node-hint associated with the client.
Yes, mod_jk can help since version 1.2.38: Look for "set_session_cookie"
on http://tomcat.apache.org/connectors-doc/reference/workers.html. Using
that attribute you can let mod_jk set the cookie, if it doesn't find one
already set by Tomcat. You need to also set "session_cookie=JSESSIONID"
and "session_cookie_path=/myapp" where you adjust myapp to your context
path.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
