Are you using cookies or URL re-writing for session identifier? Are you doing anything funky with domain names or other such trickery which would cause your cookie to not be available upon doing the forward?
-Troy -----Original Message----- From: Nathan McMinn [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 9:07 AM To: [EMAIL PROTECTED] Subject: Repost: Double Login Hi all, Some of you had been kind enough to assist with this issue I posted previously. I had thought it was fixed, but it has appeared again. Any ideas? I recently switched a web application from a memory realm to a JDBC realm for authentication. After making the switch, the web app now requires that users log in twice. The app is running with SSL, and using Basic authentication. The Login.jsp page listed in the XML below as the welcome file simply sets up session objects, etc. The first login occurs before the Login.jsp page will load. Once all of the session setup is complete, the Login.jsp page forwards the user to the application's main menu. It is at this point that the system asks for another login. Has anyone seen this behavior before? I've already searched Google, JGuru, etc etc. This is the current web.xml for the application having the problem. Any help would be greatly appreciated. Thanks.. Nathan McMinn <web-app> <mime-mapping> <extension>js</extension> <mime-type>text/javascript</mime-type> </mime-mapping> <welcome-file-list> <welcome-file>Login.jsp</welcome-file> </welcome-file-list> <security-constraint> <display-name>WWEX Security Constraint</display-name> <web-resource-collection> <web-resource-name>DELETED</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>user</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>DELETED</realm-name> </login-config> </web-app> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>