Malcolm Warren wrote:
I've tried including the session id, but it creates a new one.
It's calling a url in another application in the same engine. Can't session info be shared across applications?
No. Session information cannot be shared between contexts (webapps).
I've allowed single sign-on in server.xml.I think single sign-on allows you to share container-based authentication between webapps. In other words, if you've authenticated successfully against one webapp, and you've got single sign-on enabled, you're authenticated against other webapps within the same container.
I don't want to merge them into one application, because I may put one of them in another virtual machine.
Maybe you can persist session info that needs to be shared to a backend database. AFAIK, sessions can't cross contexts per the servlet spec.
On Fri, 2 Apr 2004 10:31:59 +0200, Ralph Einfeldt <[EMAIL PROTECTED]> wrote:
That information is stored in the session.
So your programm has to include the session id that was created by tomcat in the requests (either as cookie or as query parameter)
-----Original Message----- From: Malcolm Warren [mailto:[EMAIL PROTECTED] Sent: Friday, April 02, 2004 10:12 AM To: Tomcat Users List Subject: Re: How does Tomcat manage Form-based authentication?
I'm using an old nuts and bolts programme that actually programmatically sent the "Authorization" header string for BASIC authorization, and I'd like to continue using this programme, but I have to tell the new FORM version that I've already signed in, and I don't know how.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- ============================================================================ Chris Egolf http://www.ugholf.net [EMAIL PROTECTED] ============================================================================
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
