How to install the session cookie into the original request of the secure area?
Here is my problem. When making a connection to the secure area of my website through code, the original request is saved, but the JSESSIONID cookie is not added to it. So after j_security_check succeeds, the saved request fails. Details: (1) Open a URL connection to "https://localhost/mywebservice/secure/action.do";. There are no cookies. (2) Tomcat redirects to "https://localhost/mywebservice/secure/login.html"; as specified in web.xml. Tomcat also saves the request in (1). (3) A servlet creates the page and sends it back. The response has a JSESSOINID cookie in it. (4) The client reads the response and saves the cookie. (5) The clien opens a connection to "https://localhost/mywebservice/secure/j_security_check";, and passes j_username, j_password, and JSESSIONID. (6) The authentication succeeds on the server. (7) The server goes on to process the saved request (1) above. (8) But there are no cookies, so the request fails and we get the login page again. There's a function in Tomcat that calls req.getCookies(), and the result is an array of length 0. By contrast, when I open Mozilla and go to a secure section of my website, Tomcat saves the original request. It then sends back the login page. Upon a succesful login, Tomcat processes the saved request, and in the debugger I can see that the above function req.getCookies() returns an array of size 1, and it is the correct JSESSION cookie. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
