Are you using container managed security (i.e. configured in web.xml)? If yes, to answer your questions:
1) The session is created during the request that creates the login page. 2) FORM based authentication won't work without sticky sessions. If you post the login form to a different server than the one that issued it, it won't work. 3) Session cookies are scoped either to the webapp or the host, so if you change hosts the browser will not present the session cookie, so that won't work. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3938851#3938851 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3938851 ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
