_________________________________I would have posted this to tomcat-dev, but the page with directions
on subscribing was down when I last checked. I am witnessing a bug where if you use cookie-less form-based login with JDBC realms, Tomcat 4.0.1 and 4.0.2b2 will force you to triple-login to actually login. (You have type your username & password into the form based page three times) I am apparently not the only one who has seen this: http://mikal.org/interests/java/tomcat/archive/view?mesg=52926 The reason I believe it has to do with JDBC realms is that I tried cookieless login using the tomcat example /tomcat/webapps/examples/jsp/security , which worked fine with the memory or file-based realms. I then modified the 'examples' context in server.xml to use my jdbc realm, and while I could manage to login in, it took three efforts to actually get in. -Cameron Elliott