> From: Keith Masten [mailto:spmdt...@gmail.com] > Subject: Re: Securing A Directory Listing
> when I attempt to access the application with the > fictitious 'bob' user account, the standard login > dialog is presented to me over and over. Is your webapp discarding the session object? If so, stop that. Does your client disable cookies? If so, you'll need to use HttpServletResponse.encodeURL() to pass the session id as a parameter on the URL. Use Wireshark or a browser plug-in to see the real traffic being passed back and forth. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org