Hi, I am using tomcat 3.2.1. When a user accessing resources out of the scope of his/her role, tomcat forwards to the logon-error-page, deleted the user info in the session, and the url of the requested resource was not saved into tomcat.auth.originalLocation. Is there a way to configure tomcat such that the user info is not deleted, the orignal url is saved, and logon page is forwarded? Thanks for the help. Yi-Xiong Zhou
