1 Reply Latest reply on Feb 21, 2015 8:39 AM by mp911de

    Web Session Replication on 2nd request? (JBoss AS7.4, Clustering, Custom Authenticator)

    mp911de

      Hi there,

      I'm using distributed web session with clustered SSO. Everything works fine, but I noticed a weird behavior: Web sessions get distributed only after the 2. request to the session when using a custom authenticator valve (even if I specify the BasicAuthenticatorValve itself).

       

      Flow:

      1. Request a protected resource with Basic auth credentials on first server-> Session is created and JSESSIONID/JSESSIONIDSSO cookies are created
      2. Request a protected resource passing JSESSIONID/JSESSIONIDSSO cookies to the second server -> Second server reauthenticates but creates a new session

       

      Another Flow:

      1. Request a protected resource with Basic auth credentials on first server-> Session is created and JSESSIONID/JSESSIONIDSSO cookies are created
      2. Request a protected resource passing JSESSIONID/JSESSIONIDSSO cookies to the first server -> Session is replicated now
      3. Request a protected resource passing JSESSIONID/JSESSIONIDSSO cookies to the second server -> Second server reauthenticates and uses the session from the cookie

       

      I noticed this happens only if I specify an authenticator in jboss-web.xml, even if I use org.apache.catalina.authenticator.BasicAuthenticator. If I omit the <valve>...</valve> entry, everything works fine. This causes the client to accept over and over new sessions as soon as the requests get balanced. My balancer distributes evenly, without stickyness (Server one, Server two, Server one, ... and so on). I noticed while debugging, that the valve pipeline within the context is slightly different when specifying a custom authenticator.

       

      Is this a bug or is this just something to configure? My environment is:

      • JBoss AS 7.4 with Infinispan clustering in Standalone-Mode
      • Servlet 3.0 Application