Hi, If a user is failed to login, he should be directed to the page specified in web.xml, i.e. <form-error-page>/loginError.jsp</form-error-page>. And the page /loginError.jsp is an unprotected resource.
If Tomcat does not kill the session for me in my case described in my first message, how can I do that? Thanks, Cun -- View this message in context: http://www.nabble.com/Tomcat-5.5.23%3A-cannot-return-to-login-page---tf4393110.html#a12547181 Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]