Rex Wang wrote: > Dear Tomcat, > > I meet a problem when config a web project which using the form based > security in clustering.
Clustering or load-balancing? Whether or not session replication is configured between your Tomcat instance's is key. > When I set session affinity = true in my front http server, the security > check was done in single node, there is no problem with that. > But if I set affinity = false, the requests from the security check process > are sent to 2 nodes, and it is really strange.. eg: > > 1. From index.html(NodeA), try to access protected resouce > 2. Go to the logon.html(NodeB), I input the id/passwd, and then submit > 3. The request looks like sent to NodeA, but did not do any check operation. > > Does that work as design? that is, if I wanna use form check security, my > cluster must be session affinity? That depends on the answer to the question above. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
