3 Replies Latest reply on Sep 2, 2005 3:13 PM by brian.stansberry

Having to re-login on HTTP failover

sashablank Aug 8, 2005 3:15 AM

I've set up my application for clustering against JBoss 4.0.2. I'm using two nodes (WinXP Pro 2002 SP2 + JDK 1.4.2_05), and Apache2 + mod_jk1.2 for HTTP failover/load-balancing. My issue is that whenever I shut down the server to which a HTTP client has a sticky connection, Apache correctly redirects a new request from the client to the other server, but I have to login again. Given that the client's session is being replicated on both servers, is this correct behavior?

Some observations:

1. As long as both servers are up, I keep monitoring TomcatClusteringCache on each server using printDetails() while I navigate the application. Both the printDetails() outputs remain in-synch throughout.

2. I've modified the login page to print the session ID. On failover, I've verified that the session ID shown on the login page is the same as the one shown on initial login. This should mean that no new session is being created on failover. The TomcatClusteringCache details for the running server also don't show any new data.

3. After the relogin, I keep monitoring TomcatClusteringCache details for the running server while I navigate the application. The VERSION attribute for the original session gets incremented with each request. This should reinforce the claim that the replicated session (not a new one) is being used on failover.

4. There are no errors/exceptions in the logs or on the consoles.

The following are the failover-related configuration changes I made:

1. JBoss4/Apache2/mod_jk1.2 have been set up exactly as per http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingMod_jk1.2WithJBoss.

2. In tc5-cluster-service.xml, used TCP config instead of UDP (required to get rid of cache lock timeout errors). Also, set CacheMode to REPL_SYNC.

3. Using ATTRIBUTE level replication granularity for the web module (required to get rid of ConcurrentModificationException thrown when using SESSION granularity).

4. Added distributable tag to descriptor for web module.

In case it's relevant, the web module is using FORM based login against a custom implementation of javax.security.auth.spi.LoginModule

Thanks

1. Re: Having to re-login on HTTP failover

brian.stansberry Aug 31, 2005 12:45 AM (in response to sashablank)

Please see http://jira.jboss.com/jira/browse/JBAS-1900

Brian Stansberry
Developer, JBoss Clustering
JBoss, Inc
Actions
2. Re: Having to re-login on HTTP failover

cptnkirk Sep 1, 2005 9:58 PM (in response to sashablank)

I'm seeing the following similar situation (JBoss 4.0.2). Please tell me I suffer from the same problem.

I have an SSO cluster with two machines. Each with clustered SSO enabled and each with web apps. I am using FORM login.

I am using a single main webapp (with login) form to provide SSO for the other apps. So logging in to the main app allows you to work with the other apps transparently. This works well locally. However if due to DNS round robining you get sent to another server in the cluster, the user will only be authenticated on this single main app.

Authentication to this app meant authentication to all apps locally, however when clustered, SSO seems to only be granted to this app, and the rest are forced to log in again.

Is this due to the same problem?

Thanks,
Jim
Actions
3. Re: Having to re-login on HTTP failover

brian.stansberry Sep 2, 2005 3:13 PM (in response to sashablank)

Jim,

I've replied on your other thread.

http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3892872

If when we track your problem down it proves to be related to this, I'll add a note to that effect here.

Best,
Actions

Go to original post