Hello. I had the same problem. It was because of the browser. JSP location: http://myserver.com/Init.jsp
The JSP redirected to the Servlet after it does it's job. BUT! The redirection went to: http://www.myserver.com/servlet/MyServlet The browser (IE) did not recognize this to be the same server and restarted the sessionID. So Orion thinks it is a different client. Test: try to access the JSP via: http://www.myserver.com/Init.jsp Then the redirect should work. Another problem is, that the Session cookie is bound to a start location: Cookie: JSessionID=1235r4123; path=/RootContextPath. Again the browser dows not recognize this cookie to be sent, when you try to access /servlet/* That is why I was forced to use filters, so that /RootContextPath/MyServletService/* was bound to MyServlet, and it worked. Try these things. They might help. Additional info is required for further investigation. May the shade of the tree strengthen you. Lachezar. > > I have a JSP and a Servlet in the same war file. Both URLs have been setup > with security-constraints in the web.xml. When hitting the JSP first I am > prompted to authenticate, which is expected behaviour. After authentication > I then goto the Servlet and I am then again redirected to the login form and > asked to authenticate. Has anyone else had this problem? Seems like being > in the same war file the first authentication of the session should work for > the entire war file. > > Thanks >