question for sso session replication in tomcat 6.0.26

Mon, 21 Jun 2010 20:04:43 -0700 

Hi experts

 

I found this old email from archive in TC 5.5.23.

Does this problem still exist in tomcat 6.0.x or 6.0.26?

 

When failover occurs, sso session id is updated with new number after
forcing a user to relogin to the application since sso session id is not
replicated and rewritten correctly.  Could someone explain what is
expected in current tomcat 6.0.x cluster upon failover?  Should sso
session id is replicated correctly in tomcat 6.0.x?

 

Thanks,

yasushi

 

 

 

ROOKIE wrote:
Hi,
I have a problem with tomcat cluster + mod_proxy load balancer :
 
We have a main app which authenticate itself to a webapp and from this
app one 
can launch embedded apps which use the SSO cookie to access other
webapps on 
the server (Single-Sign-On for the user).
 
Things are working perfectly for the normal cookie but not for the sso
cookie.
 

The problem I have is that tomcat does not replicate SSO sessions so
when these embedded apps route through the load balancer we get 401s on
all the other cluster members except the one which actually generated
the SSO cookie. 

I wanted to know if we can edit the SSO cookie generated by tomcat to
also 
contain the jvmRoute parameter so that the load balancer directly goes
to the 
correct cluster member.
 
 
I tried doing this in my code by fetching the SSO cookie and appending
to it 
the jvmRoute as follows :
 
        HttpServletRequest request = 
(HttpServletRequest)Security.getContext(HttpServletRequest.class);
        HttpServletResponse response = 
(HttpServletResponse)Security.getContext(HttpServletResponse.class);
        if(request != null) {
            String jvmRoute = "Vinod_Cluster_1";    // as mentioned in 
server.xml
            Cookie[] cookies = request.getCookies();
            for(int nc=0; cookies != null && nc < cookies.length; nc++)
{
                if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
                    _sessionId = cookies[nc].getValue();
                }

else if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) { 

                    _ssoSessionId = cookies[nc].getValue();
                    if (!_ssoSessionId.contains("." + jvmRoute)) {
                        _ssoSessionId += "." + jvmRoute;

response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
} 

 
                }
 

But after this I started getting 401s from even the correct cluster
member. My guess is addCookie doesnt update the cookie in tomcat's cache
which is reasonable. 

Other thought was to edit tomcat's sso cookie generation code to append
the 
jvmRoute to the sso cookie.
 

Is there an better way to achieve this in my code base ? 

Thanks In Advance,
Vinod

Reply via email to