We're using LVS for load balancing to three separate Tomcat 6 servers. We do not have session replication. We do use sticky load balancing, or it wouldn't work.
The problem is, we're having some customers, specifically people in parts of Australia and Malaysia, on wireless ISP's who are coming at us from different IP addresses depending upon whether the protocol is http or https. Our application switches between them based upon whether there is sensitive data in the page or not. Obviously, this means when they switch from the first one to the second, the load balancer doesn't realize they are the same browser and so it can, and frequently does, send them to a different server. We've verified this by getting them to disable cookies so that the jsessionid shows up in the logs. The same jsessionid shows up in the access log on one server and the ssl log on another server, with a different IP address in each log. They swear they aren't using proxies. I'm not sure I believe them. Is it possible that their ISP could be redirecting ports 80 and/or 443 through a proxy without the users browser being configured to do so? Is there some other reason why they could be hitting us from the same browser with two different IP addresses based upon using http or https? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org