> thanks for your reply, but i am not using sessions any way.
> either this does not happen when i use simple basic authentication.
> it seems that session management is turned on some way, when
> i use form based sec.
> any hint?
Not sure I understand what you mean by not using sessions? You mean
you never access any instances of HttpSession? Did you do something
like get rid of(from server.xml):
<RequestInterceptor
className="org.apache.tomcat.session.StandardSessionInterceptor" />
To the best of my knowledge Tomcat does session management despite
whatever type of authentication you are using(correct me if I'm wrong
anyone...). I believe your servlet would work fine, as long as you
don't get an instance of HttpSession, if you removed the RequestInterceptor
for the Session Manager; but jsp pages will still have a problem.
Of course, this is all to the best of my knowledge...
Anyone else have comments on this?
---
Michael Wentzel
Software Developer
Software As We Think - http://www.aswethink.com
mailto:[EMAIL PROTECTED]
- Punisher of those who cannot spell dumb!
