2009/9/18 Mark Thomas <ma...@apache.org> > Rex Wang wrote: > > 2009/9/17 Mark Thomas <ma...@apache.org> > > > >> Rex Wang wrote: > >>> Dear Tomcat, > >>> > >>> I meet a problem when config a web project which using the form based > >>> security in clustering. > >> Clustering or load-balancing? Whether or not session replication is > >> configured between your Tomcat instance's is key. > >> > > > > I guess the j_security_check is not implemented by session. so the > session > > replication does not work for security check, right? > > I thought it did - hence my question about whether you were using > clustering or just load balancing. >
I am using clustering, and the security checking process can not complete if the session affinity = false. Looks like the login name and password are posted to another node, and some times I got a 400 error "HTTP Status 400 - Invalid direct reference to form login page". I just wanna know, how to do the form based security check if the session affinity = false in clustering. Many thanks -Rex > > > So the sticky session is the precondition of tomcat clustering? > > No. It is strongly recommended, but it isn't required providing you set > up your cluster appropriately. > > Mark > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >