If you can reproduce by clicking a particular link, check if the url in the href contains a jsessionid or not, and whether it matches the one in the request or not. Similarly, for a form, check the form submit url.
eoin.
Greg Akins wrote:
I set them to always accept & never accept cookies with no difference.
Also, since the acegi-security example works using the same client/server combination; I think it must be something configured in my application?
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
