-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rex,
On 9/20/2009 11:26 PM, Rex Wang wrote: > I am using clustering, and the security checking process can not complete if > the session affinity = false. > Looks like the login name and password are posted to another node, and some > times I got a 400 error > "HTTP Status 400 - Invalid direct reference to form login page". Hmm... I don't know how Tomcat does clustering, but if you are getting responses like that ("Invalid direct reference"), then either Tomcat requires session affinity for clustered authentication or there is a bug somewhere. Technically, I believe that Tomcat requires a session in order to store your original request so it can be re-played after successful authentication. In that case, I would have expected the session to be replicated across the cluster before the request for j_security_check was submitted. Could you please post your cluster configuration? Can you confirm that your sessions are correctly replicated when you *are* able to login successfully? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkq44RsACgkQ9CaO5/Lv0PAWogCfXV66Um820X7bmrwzi7/N81vH /5QAni16WrBB28m+jbXm+fS6cEs6qN1/ =IFe7 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org