Looking at the code I think this is wrong
if (!_ssoSessionId.contains("." + jvmRoute)) {
_ssoSessionId += "." + jvmRoute;
response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
}
The original sessionId will already have the "."+_any_other_jvmRoute
included, so you need to substring it, and append the new jvmRoute.
_ssoSessionId= _ssoSessionId.substring(0, _ssoSessionId.indexOf("."))
and then add
_ssoSessionId += "." + jvmRoute;
AB
On Tue, Jun 22, 2010 at 1:03 PM, Okubo, Yasushi (TSD)
<[email protected]> wrote:
> Hi experts
>
>
>
> I found this old email from archive in TC 5.5.23.
>
> Does this problem still exist in tomcat 6.0.x or 6.0.26?
>
>
>
> When failover occurs, sso session id is updated with new number after
> forcing a user to relogin to the application since sso session id is not
> replicated and rewritten correctly. Could someone explain what is
> expected in current tomcat 6.0.x cluster upon failover? Should sso
> session id is replicated correctly in tomcat 6.0.x?
>
>
>
> Thanks,
>
> yasushi
>
>
>
>
>
>
>
> ROOKIE wrote:
> Hi,
> I have a problem with tomcat cluster + mod_proxy load balancer :
>
> We have a main app which authenticate itself to a webapp and from this
> app one
> can launch embedded apps which use the SSO cookie to access other
> webapps on
> the server (Single-Sign-On for the user).
>
> Things are working perfectly for the normal cookie but not for the sso
> cookie.
>
>
> The problem I have is that tomcat does not replicate SSO sessions so
> when these embedded apps route through the load balancer we get 401s on
> all the other cluster members except the one which actually generated
> the SSO cookie.
>
> I wanted to know if we can edit the SSO cookie generated by tomcat to
> also
> contain the jvmRoute parameter so that the load balancer directly goes
> to the
> correct cluster member.
>
>
> I tried doing this in my code by fetching the SSO cookie and appending
> to it
> the jvmRoute as follows :
>
> HttpServletRequest request =
> (HttpServletRequest)Security.getContext(HttpServletRequest.class);
> HttpServletResponse response =
> (HttpServletResponse)Security.getContext(HttpServletResponse.class);
> if(request != null) {
> String jvmRoute = "Vinod_Cluster_1"; // as mentioned in
> server.xml
> Cookie[] cookies = request.getCookies();
> for(int nc=0; cookies != null && nc < cookies.length; nc++)
> {
> if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
> _sessionId = cookies[nc].getValue();
> }
>
> else if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
>
> _ssoSessionId = cookies[nc].getValue();
> if (!_ssoSessionId.contains("." + jvmRoute)) {
> _ssoSessionId += "." + jvmRoute;
>
> response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
> }
>
>
> }
>
>
> But after this I started getting 401s from even the correct cluster
> member. My guess is addCookie doesnt update the cookie in tomcat's cache
> which is reasonable.
>
> Other thought was to edit tomcat's sso cookie generation code to append
> the
> jvmRoute to the sso cookie.
>
>
> Is there an better way to achieve this in my code base ?
>
> Thanks In Advance,
> Vinod
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
