
I was running a sample JHipster app (found at https://github.com/ehcache/ehcache3-samples/tree/master/fullstack). When I deployed it to a Docker swarm (swarm mode) with docker stack, it worked fine and I could log in.

But when I started "scaling" the web app, I found out the session was lost whenever my request would hit another container than the first one.

Actually, I even saw in the logs:

    worker2    | org.springframework.security.web.authentication.rememberme.CookieTheftException: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
    worker2    |         at org.terracotta.demo.security.CustomPersistentRememberMeServices.getPersistentToken(CustomPersistentRememberMeServices.java:173)
    worker2    |         at org.terracotta.demo.security.CustomPersistentRememberMeServices.processAutoLoginCookie(CustomPersistentRememberMeServices.java:83)
    worker2    |         at org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.autoLogin(AbstractRememberMeServices.java:130)

while I was trying to log in again... Is there something I need to set up to have the load balancer treat the session as unique?

Anthony Dahanne
  • I tried out https://stackoverflow.com/a/11944824/24069 and it worked pretty well (commenting out the code that threw the exception). I initially thought it was configurable from Spring / JHipster – Anthony Dahanne Oct 19 '17 at 10:10

0 Answers