Hi experts
I found this old email from archive in TC 5.5.23. Does this problem still exist in tomcat 6.0.x or 6.0.26? When failover occurs, sso session id is updated with new number after forcing a user to relogin to the application since sso session id is not replicated and rewritten correctly. Could someone explain what is expected in current tomcat 6.0.x cluster upon failover? Should sso session id is replicated correctly in tomcat 6.0.x? Thanks, yasushi ROOKIE wrote: Hi, I have a problem with tomcat cluster + mod_proxy load balancer : We have a main app which authenticate itself to a webapp and from this app one can launch embedded apps which use the SSO cookie to access other webapps on the server (Single-Sign-On for the user). Things are working perfectly for the normal cookie but not for the sso cookie. The problem I have is that tomcat does not replicate SSO sessions so when these embedded apps route through the load balancer we get 401s on all the other cluster members except the one which actually generated the SSO cookie. I wanted to know if we can edit the SSO cookie generated by tomcat to also contain the jvmRoute parameter so that the load balancer directly goes to the correct cluster member. I tried doing this in my code by fetching the SSO cookie and appending to it the jvmRoute as follows : HttpServletRequest request = (HttpServletRequest)Security.getContext(HttpServletRequest.class); HttpServletResponse response = (HttpServletResponse)Security.getContext(HttpServletResponse.class); if(request != null) { String jvmRoute = "Vinod_Cluster_1"; // as mentioned in server.xml Cookie[] cookies = request.getCookies(); for(int nc=0; cookies != null && nc < cookies.length; nc++) { if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) { _sessionId = cookies[nc].getValue(); } else if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) { _ssoSessionId = cookies[nc].getValue(); if (!_ssoSessionId.contains("." + jvmRoute)) { _ssoSessionId += "." + jvmRoute; response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId)); } } But after this I started getting 401s from even the correct cluster member. My guess is addCookie doesnt update the cookie in tomcat's cache which is reasonable. Other thought was to edit tomcat's sso cookie generation code to append the jvmRoute to the sso cookie. Is there an better way to achieve this in my code base ? Thanks In Advance, Vinod