I don't think so. The whole point of the j_security is to protect resources and the filter is a resource(it can abort the request mapping chain and return a response itself).
A valve may let you do it. I haven't worked with valves. Charlie > -----Original Message----- > From: Guru Mandavia [mailto:gmandavia@;smartbrief.com] > Sent: Thursday, October 31, 2002 10:41 AM > To: Tomcat Users List > Subject: Re: keeping user logged in using j_security_check > > > Ralph, > One more. Is there way to run the filter prior to > j_security? or are you > suggesting to completely get rid of j_security and implement > the security > using filters? > > Thanks, > Guru > > ----- Original Message ----- > From: "Ralph Einfeldt" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Thursday, October 31, 2002 9:52 AM > Subject: RE: keeping user logged in using j_security_check > > > There is no cookie, the browser deletes the session cookie > when the browser is closed. So tomcat has no chance to > assign the session to this request. > > The only portable solution I see would be something like that: > - define an own cookie that survives the closing of the browser. > (have a lookt at API Doc of javax.servlet.http.Cookie to see > how to achieve that) > - store the session id in the cookie > - define a filter that does the following: > - check each incoming request for the session id > - if the request doesn't contain a session id (from cookie and > url), but your cookie, redirect to an url that contains the > original session id from the cookie. > > > -----Original Message----- > > From: Guru Mandavia [mailto:gmandavia@;smartbrief.com] > > Sent: Thursday, October 31, 2002 3:21 PM > > To: Tomcat Users List > > Subject: Re: keeping user logged in using j_security_check > > > > Thanks Ralph. But can't I force j_security to read an > > existing cookie? how do i map the sessionid back to the > > user in case he closed his browser? > > > > -- > To unsubscribe, e-mail: > <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> > For additional commands, e-mail: > <mailto:tomcat-user-help@;jakarta.apache.org> > > > -- > To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org> -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
