Authentication problems with tomcat clustering.

[David Owens <Da...@ngt.com>]

I have setup load balancing and clustering between two Tomcat 5.5.7
instances and Apache 2.0.50 with mod_jk.  Almost everything works great.
I can fail back and forth between the 2 tomcat instances with no
trouble.  However, I am having problems with the form based
authentication.  I have an index.html file which redirects the user to a
secured resource.  When the user hits this file through Apache, it works
like normal, directing them to the login page.  However, when I attempt
to login I get "Invalid direct reference to form login page".  When I
look in the logs, I see the user is being authenticated, and the correct
roles are being found. If I continually try logging in, and hitting the
secure page, eventually I get in.  Then, if I bounce apache, the problem
starts again. If I login in the exact same manner directly against one
of the tomcat instances, everything works, and I continue to the secure
resource.  In addition, I have found that if I stop one tomcat instance,
I can login on the first try even when going through apache.  

 

It's worth noting, once I get successfully logged in once through apache
(after many tries), I can logout/in repeatedly with no problem.  Once I
bounce apache,

the problem starts again.

 

I think something strange is happening with the login stuff when tomcat
is clustered...  Maybe I'm logging into 1 tomcat successfully, but being
load balanced over

to the other one, and the session has not been completely replicated
yet?

 

Any one else out there have this issue, or have any ideas?

 

Thanks in advance!

 

|)ave