There is no cookie, the browser deletes the session cookie
when the browser is closed. So tomcat has no chance to
assign the session to this request.
The only portable solution I see would be something like that:
- define an own cookie that survives the closing of the browser.
(have a lookt at API Doc of javax.servlet.http.Cookie to see
how to achieve that)
- store the session id in the cookie
- define a filter that does the following:
- check each incoming request for the session id
- if the request doesn't contain a session id (from cookie and
url), but your cookie, redirect to an url that contains the
original session id from the cookie.
> -----Original Message-----
> From: Guru Mandavia [mailto:gmandavia@;smartbrief.com]
> Sent: Thursday, October 31, 2002 3:21 PM
> To: Tomcat Users List
> Subject: Re: keeping user logged in using j_security_check
>
> Thanks Ralph. But can't I force j_security to read an
> existing cookie? how do i map the sessionid back to the
> user in case he closed his browser?
>
--
To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
