permaculture playing cards
The moose likes Tomcat and the fly likes Form Authentication Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Form Authentication Security" Watch "Form Authentication Security" New topic

Form Authentication Security

Kevin Devenney

Joined: Jul 31, 2002
Posts: 5
Hi, I have been using the form base security form one of my web apps and I'm coming across a problem that randomly happens to various users.
The problem is when a user goes to the logon page, they login using the correct details but then get redirected to the "sorry - can't log you in" fail page. if i then login with the same details on another PC, this works fine. also if i restart the tomcat server and login on the pc that originally had the problem this will works fine. Like i said it is a random problem! Does anyone know of any caching issues with the form-based security, or have any other ideas what the problem might be?
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

We had some wierdness with Websphere, but I don't think it was the same issues.
However, I do recommend using something that lets you watch the HTTP traffic. We tend to use HttpInspector.
This will let you make sure that the problem isn't in the session cookies or other http-side of the authentication process.
I agree. Here's the link:
subject: Form Authentication Security
It's not a secret anymore!