Is it a new J2EE standard of login - so called authentication? Where to read
about it?
------------
Graeme Miller wrote:
> We are using Tomcat J2EE form-based login security on our website. The user
> requests a protected page and is automatically redirected by Tomcat to the
> login page from which they login and enter the site. No problem there - it
> works perfectly.
>
> However when we open a new window using window.open(url),
> window.showModelessDialog(url) or window.showModalDialog(url) call in
> javascript, things go badly wrong. The moment the new window is closed the
> user has to log in again in the main window before they can do anything
> else. Had a look at request and the the j_username and j_password variables
> appear to be deleted from the session attributes the moment you close the
> new window, but cookie with the session id still appears to be present.
>
> Has anyone else had this problem? Any known solutions? We have tried 5
> different workarounds, none of them work and it's now driving us crazy!
>
> Thanks,
>
> Graeme.
