Author: aogburn Date: 2014-08-15 10:03:23 -0400 (Fri, 15 Aug 2014) New Revision: 2485 Modified: branches/7.4.x/src/main/java/org/apache/catalina/authenticator/DigestAuthenticator.java Log: [BZ-1126490] create session prior to Digest 401 so loadbalancers can maintain stickiness Modified: branches/7.4.x/src/main/java/org/apache/catalina/authenticator/DigestAuthenticator.java =================================================================== --- branches/7.4.x/src/main/java/org/apache/catalina/authenticator/DigestAuthenticator.java 2014-07-25 18:03:58 UTC (rev 2484) +++ branches/7.4.x/src/main/java/org/apache/catalina/authenticator/DigestAuthenticator.java 2014-08-15 14:03:23 UTC (rev 2485) @@ -255,6 +255,9 @@ // to be unique). String nonce = generateNonce(request); + // Ensure a session is created to have stickiness through loadbalancers + request.getSessionInternal(true); + setAuthenticateHeader(request, response, config, nonce, principal != null && digestInfo.isNonceStale()); response.sendError(HttpServletResponse.SC_UNAUTHORIZED);