Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org Received: (qmail 1563 invoked from network); 2 Apr 2004 21:36:04 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 2 Apr 2004 21:36:04 -0000 Received: (qmail 99305 invoked by uid 500); 2 Apr 2004 21:35:30 -0000 Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org Received: (qmail 99280 invoked by uid 500); 2 Apr 2004 21:35:30 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 99247 invoked from network); 2 Apr 2004 21:35:30 -0000 Received: from unknown (HELO sccrmhc13.comcast.net) (204.127.202.64) by daedalus.apache.org with SMTP; 2 Apr 2004 21:35:30 -0000 Received: from kenny.ugholf.net ([67.161.200.254]) by comcast.net (sccrmhc13) with ESMTP id <20040402213535016003ge37e>; Fri, 2 Apr 2004 21:35:35 +0000 Received: from ugholf.net ([65.114.251.98]) (authenticated bits=0) by kenny.ugholf.net (8.12.10/8.12.10) with ESMTP id i32LZXaU031553 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 2 Apr 2004 14:35:34 -0700 Message-ID: <406DDCA5.6020008@ugholf.net> Date: Fri, 02 Apr 2004 14:35:33 -0700 From: Chris Egolf User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031016 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tomcat Users List Subject: Re: How does Tomcat manage Form-based authentication? References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Malcolm Warren wrote: > I've tried including the session id, but it creates a new one. > > It's calling a url in another application in the same engine. Can't > session info be shared across applications? No. Session information cannot be shared between contexts (webapps). > I've allowed single sign-on in server.xml. > I think single sign-on allows you to share container-based authentication between webapps. In other words, if you've authenticated successfully against one webapp, and you've got single sign-on enabled, you're authenticated against other webapps within the same container. > I don't want to merge them into one application, because I may put one > of them in another virtual machine. > Maybe you can persist session info that needs to be shared to a backend database. AFAIK, sessions can't cross contexts per the servlet spec. > > > On Fri, 2 Apr 2004 10:31:59 +0200, Ralph Einfeldt > wrote: > >> That information is stored in the session. >> >> So your programm has to include the session id >> that was created by tomcat in the requests (either >> as cookie or as query parameter) >> >>> -----Original Message----- >>> From: Malcolm Warren [mailto:malcolm@villeinitalia.com] >>> Sent: Friday, April 02, 2004 10:12 AM >>> To: Tomcat Users List >>> Subject: Re: How does Tomcat manage Form-based authentication? >>> >>> I'm using an old nuts and bolts programme that actually >>> programmatically sent the "Authorization" header string >>> for BASIC authorization, and I'd like to continue using >>> this programme, but I have to tell the new FORM >>> version that I've already signed in, and I don't know how. >>> >>> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org -- ============================================================================ Chris Egolf http://www.ugholf.net cegolf@ugholf.net ============================================================================ --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-user-help@jakarta.apache.org