>One thing to double check is that your welcome page really does do a >*redirect* to sessionStart.do, rather than a <jsp:forward>. The >latter will not kick in the container managed security, because they >are only applied on the URL that is originally requested from the >client (which will be the one for the welcome page in this scenario).
AHA! Any suggestions for poking the username into the session for alter retrieval? I am trying a javascript function launched from the onSubmit event on the form, and an intermediary jsp/form. Can I use a struts form.action to store the username/pw and forward directly to the j_security_check servlet? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
