Hi I'm using TC4 built from CVS on 17 Feb, and I'm scratching my head about a strange problem when i try and access 2 webapps which have the same realm name in their web.xml file, as in: <login-config> <auth-method>BASIC</auth-method> <realm-name>myRealm</realm-name> If I visit these webapps using a HTTP 1.0 client (eg NS 4.7, or IE 5 or 5.5 with "Use HTTP 1.1" deselected), i get the expected sequence of a 401 error, at which point the browser presents the authentication dialog; then on subsequent protected pages, the browser responds to the 401 error with authentication information without involving the users. If I visit these webapps using either IE 5 or 5.5 in their default HTTP 1.1 enabled mode, then what happens is this: For IE 5.5, when i visit the first page, i am asked to authenticate. Then, when i visit the second page (on my setup, this is in a second webapp, but with the same realm-name), i am presented with a blank screen. The tomcat logs show the 401 response, but they DO NOT show a subsequent request in which the authentication information is provided by the browser. HOWEVER, according to my packet sniffer, that request _is_ being sent, however Tomcat never responds to it: G E T / T e s t D r i v e / p r o t e c t e d / s h o w H o m e D i r e c t o r y H T T P / 1 . 1 H T T P / 1 . 1 4 0 1 U n a u t h o r i z e d W W W - A u t h e n t i c a t e : B a s i c r e a l m = " m y R e a l m " G E T / T e s t D r i v e / p r o t e c t e d / s h o w H o m e D i r e c t o r y H T T P / 1 . 1 A u t h o r i z a t i o n : B a s i c Z n J l Z D p u Z X J r [Tomcat sends the page] G E T / S m a r t P r e c e d e n t S e r v e r / a s k I n t e r v i e w P r e f e r e n c e s ? I D = % 2 F f i l e s % 2 F d e m o n s t r a t i o n % 2 F T e s t 2 S A f o r R e p o s i t o r y . x m l & r e p o s i t o r y n a m e = T e s t D r i v e H T T P / 1 . 1 H T T P / 1 . 1 4 0 1 U n a u t h o r i z e d W W W - A u t h e n t i c a t e : B a s i c r e a l m = " m y R e a l m " G E T / S m a r t P r e c e d e n t S e r v e r / a s k I n t e r v i e w P r e f e r e n c e s ? I D = % 2 F f i l e s % 2 F d e m o n s t r a t i o n % 2 F T e s t 2 S A f o r R e p o s i t o r y . x m l & r e p o s i t o r y n a m e = T e s t D r i v e H T T P / 1 . 1 A u t h o r i z a t i o n : B a s i c Z n J l Z D p u Z X J r Clicking refresh successfully grabs the page for me, without me having to type any authentication info again. So i think this might a bug in Tomcat 4's HTTP 1.1 connector (since things are okay with a 1.0 client)? With IE 5, the second time Tomcat sends a 401, IE asks me to authenticate, even though the WWW-Authenticate header is the same one it has seen before. This looks to me like a bug in IE 5. Any thoughts? BTW, i'm not using the single sign on support valve. thanks Jason --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]