Downloaded T4-b5 and tried configuring SSO (SingleSignOn) with FORM authentication. When the first webapp gets executed, the SSO cookie is not set (in browser). Here are my properties: server.xml: <Engine name="Standalone" defaultHost="localhost" debug="3"> <Realm className="org.apache.catalina.realm.MemoryRealm" /> <Host name="localhost" debug="1" appBase="webapps" unpackWARs="true"> <Valve className="org.apache.catalina.authenticator.SingleSignOn" debug="1"/> ...... </Host> </Engine> Made a duplicate webapp called test2 from example. Tried the example jsp/security/protected. Both webapps contains the same web.xml: <security-constraint> <display-name>Example Security Constraint</display-name> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/jsp/security/protected/*</url-pattern> <!-- If you list http methods, only those methods are protected --> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>tomcat</role-name> <role-name>role1</role-name> </auth-constraint> </security-constraint> <!-- Default login configuration uses form-based authentication --> <login-config> <auth-method>FORM</auth-method> <realm-name>Example Form-Based Authentication Area</realm-name> <form-login-config> <form-login-page>/jsp/security/login/login.jsp</form-login-page> <form-error-page>/jsp/security/login/error.jsp</form-error-page> </form-login-config> </login-config> This is what the log shows: 2001-06-14 02:53:52 SingleSignOn[localhost]: Process request for '/test2/jsp/security/protected/index.jsp' 2001-06-14 02:53:52 SingleSignOn[localhost]: Checking for SSO cookie 2001-06-14 02:53:52 SingleSignOn[localhost]: SSO cookie is not present 2001-06-14 02:53:52 StandardHost[localhost]: Mapping request URI '/test2/jsp/security/protected/index.jsp' 2001-06-14 02:53:52 StandardHost[localhost]: Mapped to context '/test2' 2001-06-14 02:54:01 SingleSignOn[localhost]: Process request for '/test2/jsp/security/protected/index.jsp' 2001-06-14 02:54:01 SingleSignOn[localhost]: Checking for SSO cookie 2001-06-14 02:54:01 SingleSignOn[localhost]: SSO cookie is not present 2001-06-14 02:54:01 StandardHost[localhost]: Mapping request URI '/test2/jsp/security/protected/index.jsp' 2001-06-14 02:54:01 StandardHost[localhost]: Mapped to context '/test2' 2001-06-14 02:54:01 jsp: init 2001-06-14 02:54:01 SessionListener: sessionCreated('50E620234093A0539630028227494569') 2001-06-14 02:54:18 SingleSignOn[localhost]: Process request for '/test2/jsp/security/protected/index.jsp' 2001-06-14 02:54:18 SingleSignOn[localhost]: Checking for SSO cookie 2001-06-14 02:54:18 SingleSignOn[localhost]: SSO cookie is not present 2001-06-14 02:54:18 StandardHost[localhost]: Mapping request URI '/test2/jsp/security/protected/index.jsp' 2001-06-14 02:54:18 StandardHost[localhost]: Mapped to context '/test2' Thanks. -- keng wong