Date: Thu, 5 Apr 2012 16:35:49 +0400
Subject: Re: request.login() not persistent
From: Konstantin Kolinko
To: Tomcat Users List

2012/4/5 Jerry Malcolm <2ndgenfilms@gmail.com>:
> I am using TC 7.0 on a couple of servers.  I have id/pw fields and a
> 'login' button at the top of all guest pages on my site.  If the user
> clicks the login, it goes to a guest page that does the request.login()
> method call and then redirects to a protected page.  If the login fails,
> the normal j_security login form stuff kicks in on the protected page and
> the user logs in the old way.
>
> OK, this worked on one server for several months.  It never worked on the
> other server.  On that server, the request.login() succeeded according to
> the logs.  But when it redirected to the protected page, the j_security
> login form would appear.  I could log in from there and everything was
> fine.
>
(...)

How do you perform your redirect?

Do you call HttpServletResponse.encodeRedirectURL() to encode
the session id in the redirection URL?

Form authentication relies on sessions. If a new request does not belong
to the same session (the correct session id is not sent by the client
either in the URL or with a cookie) then it does not have authentication.

Best regards,
Konstantin Kolinko
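
The login-then-redirect flow discussed in this message, as an added example that is not part of the original post or of Tomcat's own code. The servlet mapping, the "id"/"pw" parameter names and the protected path are assumptions; it uses only the Servlet 3.0 API.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical mapping, parameter names and target path; adjust to the application.
@WebServlet("/guest/login")
public class GuestLoginServlet extends HttpServlet {

    private static final String PROTECTED_PAGE = "/protected/home.jsp"; // hypothetical

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Create the session before logging in: without a session there is no
        // session id for encodeRedirectURL() to add, and nothing that ties the
        // redirected request back to this login.
        HttpSession session = request.getSession(true);

        boolean loggedIn = false;
        try {
            request.login(request.getParameter("id"), request.getParameter("pw"));
            loggedIn = true;
        } catch (ServletException e) {
            // Bad credentials or already authenticated. Redirect anyway and let
            // the container's form login handle the protected page.
        }

        // Diagnostic for the "works on one server only" case: shows whether the
        // browser returned a session id at all, and through which channel.
        // The session id itself is deliberately not logged.
        log("login ok=" + loggedIn
                + " newSession=" + session.isNew()
                + " requestedIdValid=" + request.isRequestedSessionIdValid()
                + " fromCookie=" + request.isRequestedSessionIdFromCookie()
                + " fromURL=" + request.isRequestedSessionIdFromURL());

        // encodeRedirectURL() appends the session id to the URL only when the
        // container decides URL rewriting is needed; otherwise the URL is
        // returned unchanged and the cookie carries the session.
        String target = request.getContextPath() + PROTECTED_PAGE;
        response.sendRedirect(response.encodeRedirectURL(target));
    }
}
```

A session id carried in the URL can end up in access logs, browser history and Referer headers, so check why the session cookie is not coming back on the failing server before relying on URL rewriting.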