You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ca...@kego.com on 2002/02/15 20:50:43 UTC

form based login+jdbc realm+url session tracking=broken login

_________________________________

I'm wondering if there are any developers who have seen this bug...

Under Tcat 4.x on a form-based login site with jdbcrealms, if you

have a user which doesn't have per-session cookies enabled

(so that he/she is using url session tracking)

Tomcat has this strange behavior where it sends the user

to the j_security_check page three times before letting them in



I submitted the bug as:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6281



Have any active developers seen this problem?

The problem does not occur when I switch to memory-based realms,

so it appears to be a jdbcrealm specific issue.



If anyone has any ideas on things I should look for in the

jdbcrealm implementation, I would appreciate any hints

on trying to fix this.



Thanks,

Cameron Elliott