tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike W-M" <>
Subject Re: Repost: Double Login
Date Wed, 08 Jan 2003 15:09:50 GMT
Just a few thoughts since it looks like the JDBC realm that's causing you
the problem.
(And you don't say what Tomcat version you're using.)

When I setup my own JDBC realm (for form-based-authentication) I noticed
that its error handling wasn't all that hot.  If the call errored (e.g.
because I'd specified incorrect table or column names) it just looked like a
failed logon.  Maybe the first call is failing so the user's asked to log on
again?  (Tomcat 4.0.4)

Also, what happens if you don't request the logon page first but request
another protected page?  (You may get errors generated, but at least that
means your request got through...)  How many times are you asked to
authenticate then?  If it's only one then that points to something your
logon page is doing, right?


----- Original Message -----
From: "Nathan McMinn" <>
To: "Tomcat Users List" <>
Sent: Wednesday, January 08, 2003 2:26 PM
Subject: Re: Repost: Double Login

Nope, it is just HTTP BASIC authentication, running over SSL.  And there is
no magic url or domain trickery going on.  The really unusual part is that
with a memory realm, I didn't have this problem.  It only popped up after
switching to a JDBC Realm.

----- Original Message -----
From: "Troy J. Kelley" <>
To: "'Tomcat Users List'" <>
Sent: Wednesday, January 08, 2003 8:23 AM
Subject: RE: Repost: Double Login

> Are you using cookies or URL re-writing for session identifier?
> Are you doing anything funky with domain names or other such trickery
> which would cause your cookie to not be available upon doing the
> forward?
> -Troy
> -----Original Message-----
> From: Nathan McMinn []
> Sent: Wednesday, January 08, 2003 9:07 AM
> To:
> Subject: Repost: Double Login
> Hi all,
> Some of you had been kind enough to assist with this issue I posted
> previously.  I had thought it was fixed, but it has appeared again.  Any
> ideas?
To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message