-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rex,
On 9/20/2009 11:26 PM, Rex Wang wrote:
> I am using clustering, and the security checking process can not complete if
> the session affinity = false.
> Looks like the login name and password are posted to another node, and some
> times I got a 400 error
> "HTTP Status 400 - Invalid direct reference to form login page".
Hmm... I don't know how Tomcat does clustering, but if you are getting
responses like that ("Invalid direct reference"), then either Tomcat
requires session affinity for clustered authentication or there is a bug
somewhere.
Technically, I believe that Tomcat requires a session in order to store
your original request so it can be re-played after successful
authentication. In that case, I would have expected the session to be
replicated across the cluster before the request for j_security_check
was submitted.
Could you please post your cluster configuration? Can you confirm that
your sessions are correctly replicated when you *are* able to login
successfully?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkq44RsACgkQ9CaO5/Lv0PAWogCfXV66Um820X7bmrwzi7/N81vH
/5QAni16WrBB28m+jbXm+fS6cEs6qN1/
=IFe7
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
