I checked the response headers (in Google Chrome). When the redirect fails, then no cookie is set in the response header. Curious how this only happens sometimes. The sign in is a redirect from another redirect. First the sign in goes to a Twitter OAuth sign in page, then it's redirected back to the application and then the application makes a redirect to original page. When the sign in fails, not only is the cookie not set, the GAE session attribute is not set either when the redirect fails.
-- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine-java/-/WTF9e1KV98QJ. To post to this group, send email to google-appengine-java@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
