RE: Repost: Double Login

Wed, 08 Jan 2003 06:23:49 -0800 

Are you using cookies or URL re-writing for session identifier?

Are you doing anything funky with domain names or other such trickery
which would cause your cookie to not be available upon doing the
forward?

-Troy

-----Original Message-----
From: Nathan McMinn [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 08, 2003 9:07 AM
To: [EMAIL PROTECTED]
Subject: Repost: Double Login

Hi all,

Some of you had been kind enough to assist with this issue I posted
previously.  I had thought it was fixed, but it has appeared again.  Any
ideas?


I recently switched a web application from a memory realm to a JDBC
realm
for authentication.  After making the switch, the web app now requires
that
users log in twice.  The app is running with SSL, and using Basic
authentication.  The Login.jsp page listed in the XML below as the
welcome
file simply sets up session objects, etc.  The first login occurs before
the
Login.jsp page will load.  Once all of the session setup is complete,
the
Login.jsp page forwards the user to the application's main menu.  It is
at
this point that the system asks for another login.  Has anyone seen this
behavior before? I've already searched Google, JGuru, etc etc.  This is
the
current web.xml for the application having the problem.  Any help would
be
greatly appreciated.

Thanks..
Nathan McMinn

<web-app>

    <mime-mapping>
      <extension>js</extension>
      <mime-type>text/javascript</mime-type>
    </mime-mapping>

  <welcome-file-list>
    <welcome-file>Login.jsp</welcome-file>
  </welcome-file-list>

    <security-constraint>
      <display-name>WWEX Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>DELETED</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area
-->
         <role-name>user</role-name>
      </auth-constraint>
      <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>DELETED</realm-name>
    </login-config>

</web-app>



--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to