[
http://jira.jboss.com/jira/browse/JBAS-4235?page=comments#action_12357156 ]
Sergey Zhukov commented on JBAS-4235:
-------------------------------------
I'm sorry, this is behavior by design.
If I do a real HTTPS connection, through Apache+mod_jk everything works Ok too.
Reason:
Session ID stores in client's cookie with "secure" property if Connector
configured with secure="true".
But if I do just http:// request, browser doesn't send secure cookies back to the
server. So server lose session on every new request.
Session ID lost over "secure" connector
---------------------------------------
Key: JBAS-4235
URL:
http://jira.jboss.com/jira/browse/JBAS-4235
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Clustering, Web (Tomcat) service
Affects Versions: JBossAS-4.0.5.GA, JBossAS-4.0.3 SP1
Reporter: Sergey Zhukov
Assigned To: Brian Stansberry
I'm using AJP or HTTP connector with secure="true" attribute in JBoss
cluster environment.
On every browser's request, my JSP code got new session id (session.getId()).
Also it affects load balancing with sticky sessions, because every new request goes to
another node.
Try it, by simple index.jsp:
<%= session.getId() %>
Deploy it as farm application, open in browser and click refresh several times.
You'll see new id every time.
I've tried this with JBoss 4.0.5 with configuration: 'all'.
NOTE: without secure="true" everything works Ok.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira