> > IMHO, you are trying to misuse form-based authentication. > > The servlet spec requires that the container cache the *original* request > that triggered the authentication, and then replay it after the user is > successfully identified. From the user experience point of view, it works > exactly like BASIC authentication does: > > * User submits a request for a protected URI > > * Container "pops up" the username/password dialog >
This is where the problem arises. When the container "pops up" the username/password dialog in the form based authentication it directs the user to the login page. Thus the url in the browser have the http://host/login.jsp Now my problem is if the user bookmark this page then the next time he/she decided to use the bookmark he/she will go directly to the login page. > level code. Reliance on this feature locks you in to that particular > version of Tomcat -- it's not portable to Tomcat 4 or to any other servlet > container in the world. Well didn't I learn the hard way :D. So ... you reckon the only solution for me is to use my own authentication mechanism? -- Victor Hadianto -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>