tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: request.login() not persistent
Date Thu, 05 Apr 2012 12:35:49 GMT
2012/4/5 Jerry Malcolm <2ndgenfilms@gmail.com>:
> I am using TC 7.0 on a couple of servers.  I have id/pw fields and a
> 'login' button at the top of all guest pages on my site.  If the user
> clicks the login, it goes to a guest page that does the request.login()
> method call and then redirects to a protected page.  If the login fails,
> the normal j_security login form stuff kicks in on the protected page and
> the user logs in the old way.
>
> OK, this worked on one server for several months.  It never worked on the
> other server.  On that server, the request.login() succeeded according to
> the logs.  But when it redirected to the protected page, the j_security
> login form would appear.  I could log in from there and everything was
> fine.
> (...)

How do you perform your redirect?
Do you call  HttpServletResponse.encodeRedirectURL( ) to encode
sessionid in the redirection URL?

Form authentication relies on sessions.  If new request does not
belong to the same session (the correct session id is not send by
client either in URL or with a cookie) then it does not have
authentication.


Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message