We are using Tomcat J2EE form-based login security on our website. The user
requests a protected page and is automatically redirected by Tomcat to the
login page from which they login and enter the site. No problem there - it
works perfectly.
However when we open a new window using window.open(url),
window.showModelessDialog(url) or window.showModalDialog(url) call in
javascript, things go badly wrong. The moment the new window is closed the
user has to log in again in the main window before they can do anything
else. Had a look at request and the the j_username and j_password variables
appear to be deleted from the session attributes the moment you close the
new window, but cookie with the session id still appears to be present.
Has anyone else had this problem? Any known solutions? We have tried 5
different workarounds, none of them work and it's now driving us crazy!
Thanks,
Graeme.
