Keep having to login with container based authentaction.

Hi
I have written something using the j_security_check. Yet i keep having to login. My web.xml file looks like this:

<login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/loginFailed.jsp</form-error-page>
        </form-login-config>
    </login-config>

<security-role>
        <role-name>admin</role-name>
    </security-role>
    <security-role>
        <role-name>user</role-name>
    </security-role>

<security-constraint>
        <web-resource-collection>
            <web-resource-name>users</web-resource-name>
            <url-pattern>/normal/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

<security-constraint>
        <web-resource-collection>
            <web-resource-name>users</web-resource-name>
            <url-pattern>/restricted/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

I can get it to work if i only have a small number of jsps in the restricted in the directory.
Thanks in advance
Dean

Are your users defined in the tomcat.xml file ?

No in my database which it access as i can get logged in just when i come to do something once logged in i have to relogin.
Dean

Is your session tracking working ?

How do you mean i enabled session persistance on tomcat which uses a database and that works.
Dean

I mean is your browser passing the session ID between the requests ?

Yes it is.