Are you using container-based FORM authentication? If so, the username and password used to authenticate requests are not replicated with the session. There is a JIRA to add this feature: http://jira.jboss.com/jira/browse/JBAS-1900.
If you use ClusteredSingleSignOn (http://wiki.jboss.org/wiki/Wiki.jsp?page=SingleSignOn) the login credentials will be available on the failover server.
We are using common html login form that takes username/password, query the database and set the username and role to the session via
As i understand, if we have SET_AND_NON_PRIMITIVE_GET as replication trigger. Whenever, setAttriubute() is called to the session. The session will serialize to other nodes that belongs to the same partition right away. Am i right?
If so, machine B seems like not getting the update since it redirects the deep link back to the login page.
OK, since you are doing your own authentication and are passing the username/password in the session, failover w/o a new login should work.
When you say you "tried to hit a deep link in machine B" what do you mean? How do you know the link is for a different machine? If it has a different hostname, the browser isn't going to present your session cookie.
you are right. I forget this part. Now we have 2 boxes that are at the same partition. Is there an easy way we can find out that the session is really get replicated without putting the load balancer into the picture to test it out?