I think it would be difficult, since JSESSIONID is distinct for each webapp on a Tomcat, only JSESSIONIDSSO (if the SingleSignon valve is activated) is common to all webapps.
I'll try to think of something, but if you think of something first, let me know :) On Mon, 8 Jul 2002 [EMAIL PROTECTED] wrote: > +1 > > But before doing that - would it be possible to replace JSESSIONIDSSO > with a mechanism relying only on JSESSIONID ? > > Even if we patch mod_jk, there are other load balancing solutions > ( hardware, etc ) - it would be much simpler if from 'outside' > we would only use the standard JSESSIONID cookie / path param. > > Costin > > On Thu, 4 Jul 2002, Denis Benoit wrote: > > > Hi, > > > > With the current code (TC 4.1.6), the single signon does not work with the > > loadbalancer connector. > > > > If a user was logged in a given webapp, the loadbalancer looks at the > > JSESSIONID cookie (or URL parameter) to dispatch the request properly to the > > tomcat where the user was logged on. But if the user hits another webapp, > > the JSESSIONID is not present anymore and the dispatcher applies its > > round-robin logic to dispatch the request to any tomcat. It nullifies the > > effect of the single signon. There is two problem that prevent it to work. > > > > 1. On the Tomcat side, the generateSessionId() method of > > org.apache.catalina.authenticator.AuthenticatorBase does not append > > the jvmRoute of the Engine if one is specified. So when a user changes > > webapp, the web connector dispatcher does not have any information to > > properly route the request; > > > > 2. The current loadbalancer code specifically look for the JSESSIONID cookie > > and does not look for a JSESSIONIDSSO cookie. > > > > I could provide a patch to org.apache.catalina.authenticator.AuthenticatorBase > > to add the jvmRoute to the session id; in fact it is a copy of the code from > > org.apache.catalina.session.ManagerBase. > > > > The change in: > > > > ./jk/native/common/jk_lb_worker.c > > ./jk/native2/common/jk_requtil.c > > > > is also trivial, first the connector must look for the JSESSIONID cookie (or > > param), and if not found it should look for the JSESSIONIDSSO cookie (or > > param). Then the same logic should be applied if either one is found. > > > > Comments? > > > > > -- Denis Benoit ********************************************************************** Financiere Banque Nationale et NBCN n'assument aucune responsabilite quant a la confidentialite et l'integrite du present courriel en raison des risques d'interception inherents a l'Internet. Pour cette raison, toute opinion exprimee au terme des presentes ne reflete pas necessairement celle de Financiere Banque Nationale et de NBCN. ********************************************************************** Due to the security risks involved in sending information over the Internet, National Bank Financial and NBCN cannot be held responsible for ensuring the confidentiality and integrity of the present e-mail. For this reason, the opinions expressed herein do not necessarily reflect those of National Bank Financial and NBCN. ********************************************************************** -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
