I had the same problem ... using BASIC auth I could only gain access to the principal in secured areas - so I just secured all areas where I needed access to the principal :) ... very annoying though.
cheers, Marinó "Daniel Massie" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > If I firstly go to a secured area, I am redirected to the login page. I > log in, get sent to my original request (secure area). If I then go > immediately to an unsecure area, there is no principal or subject (both > null). > > If I go to the unsecured area without an existing session, there is also > no principal or subject (both null) as expected. > > Daniel > > Karr, David wrote: > > >I'm not sure what problem you're having. Are you saying that after you > >specify your login when accessing a secured area, you then immediately > >(before session timeout) access an unsecured area that checks > >"role=admin" and thinks you don't have that role (I would be surprised > >if it did that)? Or is your first access (without an existing session) > >to the unsecured area? If that's the case, then there definitely won't > >be an existing principal. Did you think there would be? > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]