Simon, again me. I think you might be right about the thread-safety. I checked
out closely the access log and in two cases there was the same pattern.
Each user triggered the login action (j_security_check) twice when they logged
in. And they were the first users that accessed the system. Then the app might
hit some framework code that is not thread-safe. After the login the framework
acted as if the web.xml file was not parsed and the filter mappings were not
read.
Thanks
---------------------------------
Be smarter than spam. See how smart SpamGuard is at giving junk email the boot
with the All-new Yahoo! Mail
