We have a project to which we want to add fail-over and load-balancing features. Our app also
uses SSO and session replication in a cluster environment using the great JBoss-Tomcat
tandem.
The problem arises when Apache is configured to load balance, in a round robin manner,
between up to four JBoss instances (mod_jk). Our app uses form-based authentication.
Imagine we have a system configured with four JBoss instances with session replication and
single sign-on working. When we add Apache to the scenario, everything begins to go wrong.
Apache has a Round Robin schema and the first unauthenticated request goes to the first
worker, which redirects the request to login.jsp. When the user provides their
credentials, the subsequent request (j_security_check, as it's form-based
authentication) goes to the second worker, which has no knowledge of a previous
unauthenticated request and issues an "HTTP 400 invalid direct invocation of
form" error, as the servlet specification states.
Is there any way of circumventing this problem, some solution other than substituting the
authentication mechanism?
Is there any way of configuring Apache to be aware of the previous unauthenticated request
and instruct it to direct the j_security_check request to the previous instance (the one
that redirected to login.jsp)?
Greetings,
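The failure described in the post, modeled as an added example that is not part of the original post or of any JBoss or mod_jk code: a round-robin balancer sends j_security_check to a node that never saved the original request, while routing on a node suffix carried in the session id keeps the login on one node. The `Node` class, the `<id>.<node>` session id format, the node names and the 302 on success are assumptions made for this illustration, and the saved request is modeled as node-local state, as the post describes.

```python
import itertools

class Node:
    """One container instance doing form-based authentication (simplified model)."""
    _ids = itertools.count(1)

    def __init__(self, name):
        self.name = name
        self.saved = set()  # sessions whose original request this node saved

    def handle(self, path, session_id=None):
        if path.endswith("/j_security_check"):
            if session_id in self.saved:
                self.saved.discard(session_id)
                return 302, session_id   # back to the originally requested page
            return 400, session_id       # invalid direct invocation of form
        # Unauthenticated request for a protected page: remember it, show login.jsp.
        # Assumed id format "<id>.<node name>", the route suffix used for affinity.
        session_id = session_id or f"{next(Node._ids):04x}.{self.name}"
        self.saved.add(session_id)
        return 200, session_id

def round_robin(nodes):
    """Pick the next node on every request, ignoring the session."""
    cycle = itertools.cycle(nodes)
    return lambda session_id: next(cycle)

def route_affinity(nodes):
    """Send a request back to the node named in its session id, if any."""
    by_name = {n.name: n for n in nodes}
    fallback = round_robin(nodes)
    def pick(session_id):
        route = session_id.rpartition(".")[2] if session_id else None
        return by_name.get(route) or fallback(session_id)
    return pick

def login_flow(make_picker, node_count=4):
    """Run protected request + login POST; return (first node, second node, status)."""
    nodes = [Node(f"node{i}") for i in range(1, node_count + 1)]
    pick = make_picker(nodes)
    first = pick(None)
    _, sid = first.handle("/app/secure")          # constructed sample path
    second = pick(sid)
    status, _ = second.handle("/app/j_security_check", sid)
    return first.name, second.name, status

if __name__ == "__main__":
    print("round robin   :", login_flow(round_robin))
    print("route affinity:", login_flow(route_affinity))
```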