On Tue, Apr 02, 2002 at 06:42:40PM -0500, Wellie W. Chao wrote: > It's within the same webapp (the context path is the same). At first I > thought it was a cache issue, but I hit reload on both protected and > unprotected pages and it shows what I originally pulled up on each > particular page. That is, users remain logged in, but when they visit > unprotected sites, request.getRemoteUser() and other authentication methods > behave as if the user is unauthenticated until the user revisits a protected > page, at which point the authentication methods return valid information. > Tomcat does not ask the user to log back in, so it remembers. I can visit > other web sites and return to my application, and Tomcat still remembers > authentication information, and Tomcat still returns null for > request.getRemoteUser() on the unprotected pages (most served by Struts and > Tiles).
are both protected and uprotected pages using the same "scheme"; ie. https for both or http for both? because the logged-in cookie doesn't work across schemes... Adi -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
