1) I have a servlet which authenticates the user and forwards the request & response to some page that accepts cookies. This works fine the first time, but if I log out and try to log in again (in the same browser instance), authentication happens in the servlet but the forward doesn't seem to work and throws me back to the same login page.
I'm not sure I have the answer, but I do have a couple of points.
Firstly, I'm not sure why you're using getContext("/"). I hope the forward is occurring in the same context, so you shouldn't need it.
You may not need to forward, and in fact using sendRedirect may be better. The user visits the login page, submits credentials to the servlet, the servlet response writes the session cookie and redirects to the next page. The other advantage is that if the user reloads the page, they don't try to log in again!
As I said not sure it helps, but I hope it's useful anyway. Dave
Joined: Dec 09, 2004
Hi Dave, I forgot to mention that the forward happens to a different web application in the same web container. For that reason, we used getContext("/").
If you have two web applications, call them A and B, then you need to log into them both individually. Logging into A does not log them into B, even if it does give them a cookie with a session ID that is shared between the two contexts. The session isn't shared either, again they may have the same session ID, but they can't see each other's data.
My understanding is that you have two contexts (I'm not sure why it's two and not all in one). The user logs into A, and after logging in successfully they are sent the 'forwarded' response from context B. I'm assuming that the security in B requires authentication to access the forwarded response (otherwise it would breach B's security). Since the user is logged into A but not B, this fails and B sends back the login page instead.
This is all still guesswork based on your description.
Now, depending on the container you're using, it may be possible to log the user into B from A using some custom API call, but I've never seen it. If the container supports SSO (single sign-on) this may help, but what I've seen hasn't been too promising.
Not too much help I'm afraid. Dave
To make it more clear why there is more than one context:
We have three different web apps, say A, B and C. End users can access any of these applications with the same user id and password, by logging in separately.
The requirement is such that authentication for all these users should happen via another web app, let's say D, that will authenticate the user and, if the user exists, redirect the user to the corresponding page from where the user came in (A or B or C). If the user does not exist, then it will redirect to an error page. The user can again try to log in to the web app from the error page. Upon submitting the page, the authentication happens through the web app D and the same process continues...
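
An added example, not part of the thread and not any poster's code: a login servlet for the central app D that uses sendRedirect instead of a cross-context forward and sends the browser back only to a fixed set of return pages for A, B and C. The class name, the parameter names (`app`, `user`, `password`), the paths and the abstract `authenticate` hook are all assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: login servlet for the central app "D". All names are hypothetical.
public abstract class CentralLoginServlet extends HttpServlet {

    // Fixed return targets, keyed by a short app id sent with the login form.
    // The browser never supplies a URL, so the redirect cannot be steered
    // to a page outside A, B or C.
    private static final Map<String, String> RETURN_PAGES = Map.of(
            "A", "/appA/home",
            "B", "/appB/home",
            "C", "/appC/home");
    private static final String ERROR_PAGE = "/appD/login-error";

    // Assumption: the deployment supplies the real credential check.
    protected abstract boolean authenticate(String user, String password);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String app = req.getParameter("app");
        String target = (app == null) ? null : RETURN_PAGES.get(app);
        String user = req.getParameter("user");
        String password = req.getParameter("password");

        // Unknown app id, missing fields or bad credentials: go to the error page.
        if (target == null || user == null || password == null
                || !authenticate(user, password)) {
            resp.sendRedirect(ERROR_PAGE);
            return;
        }

        // Drop any session left over from an earlier login in this browser
        // before creating the authenticated one.
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        // This session belongs to D only; A, B and C cannot read its attributes.
        req.getSession(true).setAttribute("user", user);

        // Redirect rather than forward: reloading the landing page
        // does not re-submit the credentials.
        resp.sendRedirect(target);
    }
}
```

As noted earlier in the thread, the redirect alone does not log the user into A, B or C; each app still has to establish its own session when the browser arrives.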