Hi Jim
There may be another mis-configured server out there that produces
JSESSIONID cookies with a domain-wide scope. SAP portals are a known
problem.
Best of luck
Regards
Ron
----- Original Message -----
From: "Jim Goodspeed" <goodspeeds...@gmail.com>
To: <users@tomcat.apache.org>
Sent: Wednesday, April 21, 2010 10:47 AM
Subject: JSESSIONID being lost
I'm hoping someone may have some insight into a difficult problem we are
having. We have a situation where the JSESSIONID seems to get lost
somewhere in a users transaction - the result is they get kicked back to
the
applications login page (no sessionid so the app thinks they haven't
logged
in).
Our current setup is two hardware load balancers (layer 4) in front of two
Apache servers (2.2.14) which sit in front of two tomcat servers (6.0.20).
The hardware load balancers load balance apache and apache load balances
tomcat using AJP via mod_proxy. Apache and Tomcat are running on RHEL4
32-bit. The JVM is 1.6.
This issue first popped up when we moved to the above architecture -
previously we had no hardware load balancers and only one apache server
balancing two tomcat servers (still with AJP via mod_proxy). Initial
thoughts were that it had something to do with either the 2nd apache
server
or the load balancers.
One way we have made this better (but not fixed) was to turn off one of
the
tomcat servers so that requests could only go to one place - we thought
that
the users session was being sent to the other tomcat server even though we
were using sticky sessions. This was our temporary fix until we could
implement clustering, but today we found that users were still being
kicked
back to the login page even with only one tomcat server running. In the
interim we have turned off one of the apache servers to see if that helps
(so two hardware load balancers, one apache server and one tomcat server).
This problem is intermittent and almost impossible to reproduce, but it
does
seem to happen more under heavy load. Any insight would be very much
appreciated. If it would help I can post our apache and tomcat
configurations.
Thanks in advance.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org