Nope, it is just HTTP BASIC authentication, running over SSL. And there is no magic url or domain trickery going on. The really unusual part is that with a memory realm, I didn't have this problem. It only popped up after switching to a JDBC Realm.
----- Original Message ----- From: "Troy J. Kelley" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Wednesday, January 08, 2003 8:23 AM Subject: RE: Repost: Double Login > Are you using cookies or URL re-writing for session identifier? > > Are you doing anything funky with domain names or other such trickery > which would cause your cookie to not be available upon doing the > forward? > > -Troy > > -----Original Message----- > From: Nathan McMinn [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 08, 2003 9:07 AM > To: [EMAIL PROTECTED] > Subject: Repost: Double Login > > Hi all, > > Some of you had been kind enough to assist with this issue I posted > previously. I had thought it was fixed, but it has appeared again. Any > ideas? > > > I recently switched a web application from a memory realm to a JDBC > realm > for authentication. After making the switch, the web app now requires > that > users log in twice. The app is running with SSL, and using Basic > authentication. The Login.jsp page listed in the XML below as the > welcome > file simply sets up session objects, etc. The first login occurs before > the > Login.jsp page will load. Once all of the session setup is complete, > the > Login.jsp page forwards the user to the application's main menu. It is > at > this point that the system asks for another login. Has anyone seen this > behavior before? I've already searched Google, JGuru, etc etc. This is > the > current web.xml for the application having the problem. Any help would > be > greatly appreciated. > > Thanks.. > Nathan McMinn > > <web-app> > > <mime-mapping> > <extension>js</extension> > <mime-type>text/javascript</mime-type> > </mime-mapping> > > <welcome-file-list> > <welcome-file>Login.jsp</welcome-file> > </welcome-file-list> > > <security-constraint> > <display-name>WWEX Security Constraint</display-name> > <web-resource-collection> > <web-resource-name>DELETED</web-resource-name> > <!-- Define the context-relative URL(s) to be protected --> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <!-- Anyone with one of the listed roles may access this area > --> > <role-name>user</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>DELETED</realm-name> > </login-config> > > </web-app> > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>