top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Enable session persistence between two tomcat nodes behind load balancer

0 votes

I have been searching for an answer to how to set this up. I find a lot of posts on session persistence but none seem to describe how to set it up. Is there a simple explanation out there that tells me how I go about setting up session persistence (with Apache, I would just set up memcached on the db server and configure the memcache module on each Apache instance to point to the memcached and it works). I don't need opcode persistence. I just want the tomcats to either a) direct all session traffic to a single node or b) make the two tomcats aware of all sessions. Can someone point me in the right direction? I am not a java coder, but if code changes need to be made, I can work through it.

posted Jul 20, 2013 by anonymous

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote
Best answer

1) We need more info here. Apache what? HTTPD? Tomcat? I'm going to assume Tomcat now what version are you using? 6.0.x, 7.0.x?

2) How do you want to persist your sessions? Memcached is an in-memory cache, so calling it persistence is a stretch. It is a good way to make your sessions available to multiple Tomcat servers though, so you just have to think about exactly what you want here.

Out-of-the-box Tomcat supports persistence of sessions to disk and to a relational database. Reference docs can be found here.

Configuration is pretty simple, you just need to adjust the tag in server.xml, and if using a relational database create the table.

 I just want the tomcats to either a) direct all session traffic to a single node

This sounds like you're referring to sticky sessions and that something your load balancer would do, not Tomcat. Also, this has nothing to do with session replication. It just binds a user's requests to one particular Tomcat node and that node happens to contain the data for that session. If the node hosting a particular session went down, you'd lose your user's session data. In some cases that's OK though, it just depends on your needs.

If you need something with better availability, you could pair it with session replication or session persistence.

Here's a link to the docs for session replication. The link for session persistence is above.

or b) make the two tomcats aware of all sessions. Can someone point me in the right direction?

See links above. Try to follow the instructions there.

answer Jul 20, 2013 by anonymous
Similar Questions
+3 votes

We have currently started using tomcat 7.0 in our development environment. Following are the configuration Details :

Tomcat Version : 7.0.55
Java Version :

We have a requirement to implement clustering for one of our applications . The same application's active but idle sessions need to be persisted to a JDBC store . We have a small cluster of just two nodes so as recommended we need to use DeltaManager but for session persistence we need to use PersistentManager . PersistentManager is not recommended for clustering as the session data is not swapped out in real time.As far as I understand , we can only use one of the manager configurations .

Can you please let me know if it is possible to achieve session persistence along with clustering , If yes how can we achieve the same ?

+2 votes

I am looking for a way to add the X-XSS-Protection header (*) to the response from Tomcat.

I am currently using the Tomcat's HttpHeaderSecurityFilter that allows to setup other useful security related headers but it doesn't seem to support the X-XSS-Protection header (**).

Do you think that HttpHeaderSecurityFilter should be enhanced to support this (I could provide a patch for this)? Is there another way?

0 votes

My project is planning to upgrade to Tomcat 7.0.57 that has the fix for POODLE vulnerability and have the SSL protocol disable by default. We were up till now using the manual configuration change in server.xml in
order to disable use of SSL.

My questions is that after upgrading to Tomcat 7.0.57, is there any similar configuration change available, through which we can re enable SSL protocols again.

Please let me know if my question is not clear.

0 votes

Upgrading from tomcat 6.0.35 to 6.0.36 causes a simple jsp page to require about 20 minutes to load.

We have two clients that are running in an IBM mainframe USS (Unix System Services) environment and when they upgraded from tomcat 6.0.35 to 6.0.36, the simple jsp page in our webapp takes up to 20 minutes to load into the web browser. We have other clients that are successfully running 6.0.36 in
the USS environment. So it is a somewhat isolated issue.

I looked over the 6.0.36 change log at,
but nothing jumped out at me as to which change may have caused the issue.

Since I am not a tomcat expert, I am asking for help on how to diagnose this issue.

Are there certain logging options that could be enabled?