Hi. I've set up a pair of Apache Tomcat servers (6.0.16) (using simpleTcpCluster for session replication) being reverse proxied by an Apache HTTPD server (2.2.8) all on the same machine.
I have a java servlet that requires authentication. The servlet when accessed directly on either one of the Tomcats works fine - normal operation being... User goes to servlet URL. Server redirects to login page. User sends j_security parameters (Yes, this is FORM authentication). If authenticates to valid user server redirects to originally requested URL. However, when I access the same servlet through the reverse proxy after restarting the servers (this only happens with the VERY FIRST request on the servers) I get this... User goes to servlet URL. Server redirects to login page. User sends j_security parameters. Server reports "Invalid direct reference to form login page". This error happens once then all works well even following the exact same steps from another instance of the same browser (after closing the browser to clear any session cookies). It happens even if you use WGET to perform the same operations, so I believe this rules out browser quirks too. It happens in IE and Firefox - all on only the first request to the proxy. I've also discovered that if I perform the steps described above direct to either of the Tomcat instances before going through the proxy then the problem then does not occur at all. Which makes me think it's a proxy/HTTPD problem. I've checked the Apache v2.2.9 changelog and I can't see anything that may be relevant, if this is a bug. However, if anyone knows different let me know. Any help much appreciated. Let me know if you need more details or if I should be talking to the tomcat group. -- Rob ([EMAIL PROTECTED]) --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
