Hello experts. We are using FormAuthenticator and face a following issue:
1) Session persistence is disabled 2) User is on login page 3) Restart Tomcat 4) User tries authentication He receives error 400 or 408. While digging deeper we discovered that in this case Tomcat validates session id and if it's old/invalid - prevents logging-in even though valid credentials are passed. We tried landingPage solution - it looks better than error 400/408 but anyway it forces user to enter credentials twice (or we don't know how to pass credentials to landingPage implicitly). We think that an improvement of user experience would be : FormAuthenticator: 255 if (session == null) { session = request.getSessionInternal(false); } ==> if (session == null) { session = request.getSessionInternal(true); } So if session is invalid or missing - simply create it. Does this idea make sense? Can we achieve the goal of not forcing user entering credentials twice without changes in Tomcat ? Thanks in advance! --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org