> has anyone encountered special cases where they've had to come up with some > unique way of handling logins?
Why not use container managed authentication? You don't need to protect your pages statically using statements in web.xml. If you need to protect specific pages, then redirect to a login page (or a page protected by a statement in web.xml) when necessary. You can check if someone is logged in by checking if request.getUserPrincipal() returns null or not. -- -Torgeir -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
