That sounds about right. Don't forget that you can't be stateless if you > need logins of some type (unless you use BASIC auth, which looks ugly > from a user point of view).
Why is this? Others who answered to this thread and discussions in general around web applications describe statelessness as an option for fully-functional webapps, which I imagine includes login functionality. I'm not convinced you can reasonably do authenticated transactions > (using Tomcat's auth) without stateful connections. You can hack around > with storing login cookies or doing your own auth management, but I like > the simplicity of using J2EE auth. Could you describe the limitations of statelessness as it relates to Tomcat's authorization? If you use your own custom login functionality then I see how there's no problem (just check the cookie or database for the current session ID for the right credentials, then allow access), but is the same mechanism not possible or available when trying to use the Tomcat or standard Servlet authentication mechanism? Pretty much nothing, unless you get lots of people who login and then > walk away from their computers, and for some reason all of the > walk-aways get assigned to one server, while all the other (active) > users end up on another server. Then, you'd have one server with lots of > load and one that's basically idle. This is unlikely, though. What's Tomcat's algorithm for load-balancing while taking into account session affinity? I remember in the response to another of my threads on this list people saying that it's generally outdated to use connectors and front Tomcat with Apache. I just want to confirm that it's the connector mechanism by which load balancing is possible with Tomcat, right? On what machine is the connector software usually on? If you have 5 machines with Tomcat on each, would you have the load balancer on one of those, on a dedicated machine, or would you have some other setup? What's generally done in production for high-availability sites? -- View this message in context: http://www.nabble.com/-OT--Session-replication-vs-stateless-tf4325727.html#a12369222 Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
