Re: tomcat session problem

Wed, 11 Jan 2012 10:22:24 -0800 

Hello, 

First Thanks for your reply, Dan.

1. Yes,  I am using apache2+mod_proxy in front of the two tomcats, here are the 
configuration in httpd.conf:

        ProxyPass /images/ !
        ProxyPass /css/ !
        ProxyPass /js/ !
        ProxyPass /photo/ !
        ProxyPass /icon/ !
        ProxyPass /pg/ !
        ProxyPass /job/ !
        ProxyPass /maintenance/ !
        ProxyRequests Off

        <Proxy balancer://cluster/>
                BalancerMember ajp://localhost:8009/ route=tomcat loadfactor=1
                BalancerMember ajp://localhost:8010/ route=tomcat2 loadfactor=1
        </Proxy>
        ProxyPass / balancer://cluster/ stickysession=JSESSIONID nofailover=On
        ProxyPassReverse / balancer://cluster/

2. I am not sure that whether the problem occurs on the same tomcat, because I 
have no any idea to confirm that. Could you give me any tips to find it out?  
This problem occurs occasionally, and I really don't know whether it is because 
of the session duplication or tomcat session manager itself.

3. But one thing I am sure is that the two users use different PC to login,  
which means that cookie is not the reason at all.

Any fellows have such a problem? This problem is so bad that it has dried me 
and my visitors crazy, which is a big security problem!

Any advice is high appreciated!

Thanks in advance!


Weffen


在 2012-1-11,下午9:52, Daniel Mikusa 写道:

> On Wed, 2012-01-11 at 02:29 -0800, Weffen Cheung wrote:
>> Hello,
>> 
>> I am using 2 tomcat(7.0.11) on my server, with clustering and session 
>> duplication. All the things are running smoothy except the session problem 
>> sometimes:
>> 
>> 1. userA login, userB login
> 
> Are userA and userB on the same TC instance?
> 
>> 2. Sometimes when userB load a page, he found that he has became userA, it 
>> means that userB's login session data has been replaced with userA. Don't 
>> know why. Is it a bug? 
> 
> In most cases this occurs due to a session, request or response object
> being retained by a servlet.  This is bad and can cause behaviors
> similar to the one you are reporting.
> 
>> Anyone encounter  the same problem??
>> 
>> Any advice would be high appreciated!
> 
> One other thought, what do you have in front of the two TC instances?
> Apache HTTPD with mod_proxy? or with mod_jk?
> 
> Have you confirmed that the correct session id is being sent from the
> browser to your load balancer and then from the load balancer to your TC
> instance?
> 
> Dan


--
Weffen Cheung
E: [email protected]
M: 13802222618

Reply via email to