No, you'd have to write your own authentication mechanism. Tomcat is
required to store the request that triggered authentication for re-play
after a successful authentication. If not the request, where else should
it be stored?
Christopher, thanks for the reply.
This is inline with my analysis.
Christopher, I got the solution.
Thanks.
Umesh
--
View this message in context:
http://www.nabble.com/Form-Based-Authentication-creates-user-session-before-it-is-authenticated--tp23455945p23515281.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
Hello,
In my web application, I am using tomcat's form based authentication for
protecting my secure web pages. Thus whenever user starts accessing webapp
by providing an URL of protected page, it is redirected to login page.
However, while doing so it creates a session. I do not want my web
