On Mon, 8 Jul 2002 [EMAIL PROTECTED] wrote:
> Date: Mon, 8 Jul 2002 10:43:26 -0700 (PDT)
> From: [EMAIL PROTECTED]
> Reply-To: Tomcat Developers List <[EMAIL PROTECTED]>
> To: Tomcat Developers List <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED]
> Subject: Re: [PROPOSAL] Single signon and loadbalancer
>
> +1
>
> But before doing that - would it be possible to replace JSESSIONIDSSO
> with a mechanism relying only on JSESSIONID?
>

When designing the way SSO worked in the first place, I couldn't think of
a solution with just JSESSIONID that supported single sign on when you
weren't using sessions in one or more of the applications. It seems to me
that this is an important functional requirement, and is at least
implicitly required by the spec (Servlet 2.3, section 12.6).

> Even if we patch mod_jk, there are other load balancing solutions
> (hardware, etc.) - it would be much simpler if from 'outside'
> we would only use the standard JSESSIONID cookie / path param.
>
> Costin
>

Craig

> On Thu, 4 Jul 2002, Denis Benoit wrote:
>
> > Hi,
> >
> > With the current code (TC 4.1.6), the single signon does not work with the
> > loadbalancer connector.
> >
> > If a user was logged in a given webapp, the loadbalancer looks at the
> > JSESSIONID cookie (or URL parameter) to dispatch the request properly to the
> > tomcat where the user was logged on. But if the user hits another webapp,
> > the JSESSIONID is not present anymore and the dispatcher applies its
> > round-robin logic to dispatch the request to any tomcat. It nullifies the
> > effect of the single signon. There are two problems that prevent it from working.
> >
> > 1. On the Tomcat side, the generateSessionId() method of
> > org.apache.catalina.authenticator.AuthenticatorBase does not append
> > the jvmRoute of the Engine if one is specified. So when a user changes
> > webapp, the web connector dispatcher does not have any information to
> > properly route the request;
> >
> > 2. The current loadbalancer code specifically looks for the JSESSIONID cookie
> > and does not look for a JSESSIONIDSSO cookie.
> >
> > I could provide a patch to org.apache.catalina.authenticator.AuthenticatorBase
> > to add the jvmRoute to the session id; in fact it is a copy of the code from
> > org.apache.catalina.session.ManagerBase.
> >
> > The change in:
> >
> > ./jk/native/common/jk_lb_worker.c
> > ./jk/native2/common/jk_requtil.c
> >
> > is also trivial: first the connector must look for the JSESSIONID cookie (or
> > param), and if not found it should look for the JSESSIONIDSSO cookie (or
> > param). Then the same logic should be applied if either one is found.
> >
> > Comments?
> >
> >
>
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
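
The routing rule proposed in the quoted message (JSESSIONID first, then JSESSIONIDSSO, with the jvmRoute carried as a suffix of the id), as an added C sketch that is not code from this thread or from mod_jk. The function names, worker names and sample headers are constructed; honouring a route only when it names a configured worker, and falling through to JSESSIONIDSSO when JSESSIONID carries no usable route, are assumptions beyond what the message states.

```c
#include <stdio.h>
#include <string.h>

static const char *const WORKERS[] = { "tc1", "tc2" };  /* constructed names */

/* Copy the value of cookie `name` from a Cookie header into out. The name
 * must match exactly, so "JSESSIONID" is never found inside "JSESSIONIDSSO"
 * or "XJSESSIONID". Returns 1 when found. */
static int cookie_value(const char *hdr, const char *name, char *out, size_t n)
{
    size_t nl = strlen(name);
    for (const char *p = hdr, *end; p && *p; p = end) {
        while (*p == ' ' || *p == ';') p++;             /* skip separators */
        end = strchr(p, ';');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > nl && p[nl] == '=' && strncmp(p, name, nl) == 0) {
            if (len - nl - 1 >= n) return 0;            /* oversized: ignore */
            memcpy(out, p + nl + 1, len - nl - 1);
            out[len - nl - 1] = '\0';
            return 1;
        }
    }
    return 0;
}

/* Worker named by the "<id>.<jvmRoute>" suffix of JSESSIONID, else of
 * JSESSIONIDSSO; NULL means fall back to round-robin. The suffix comes from
 * the client, so it is honoured only if it names a configured worker. */
const char *sticky_worker(const char *hdr, const char *const *workers, size_t nw)
{
    static const char *const names[] = { "JSESSIONID", "JSESSIONIDSSO" };
    char val[256];
    for (size_t i = 0; i < 2; i++) {
        if (!cookie_value(hdr, names[i], val, sizeof val)) continue;
        const char *dot = strchr(val, '.');
        for (size_t w = 0; dot && w < nw; w++)
            if (strcmp(dot + 1, workers[w]) == 0) return workers[w];
    }
    return NULL;
}

int main(void)
{
    const char *hdrs[] = { "JSESSIONID=AB12.tc1; JSESSIONIDSSO=CD34.tc2",
                           "JSESSIONIDSSO=CD34.tc2", "JSESSIONIDSSO=CD34.zz" };
    for (size_t i = 0; i < 3; i++) {
        const char *w = sticky_worker(hdrs[i], WORKERS, 2);
        printf("%s -> %s\n", hdrs[i], w ? w : "(round-robin)");
    }
    return 0;
}
```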