On the production server, an error occurs that is not replicable on others. After the authentication process on a particular page, it appears to be somewhere in the filter chain. I found out that on this server, before entering this particular page, JSESSIONID is lost, but later "replaced" with another value (I found use of getSession (true) in the code, which means "if there is no session, create it").

The question is, what is the PRINCIPAL possibility of losing a session? Maybe a clue is that clustering is used on this server? What should I look for in the code (I was looking for removeAttribute () and setting the header, but I didn’t find anything like that) or what possibilities of session loss exist when the jboss server is running?

  • It seems that the session is lost when redirecting from https to http. Perhaps this is the reason ... - asianirish

1 answer 1

Clustering a server means that the server (s) work on several physical (or virtual) servers, which from the point of view of the external user / request work as 1 server. There are many different clustering mechanisms - either several web server instances on different nodes are combined into one server, or clustering works at the database level, etc. Common place is the so-called. synchronization between servers (nodes) of the cluster. This is usually managed by a special application session replication service . In the application settings, it is sometimes necessary to specify special attributes to tell the replication service that this application may be distributed, in some servers this happens by default.

I am not a great JBoss specialist, but a short googling leads to such a link - search through documentation. Most likely, your session is lost due to incorrect settings for replicating sessions between cluster nodes.