Hi! I have a filter that passes the username and password entered in the basic http authentication pop up dialog to a login.jsp which redirects to a servlet that does the actuall authentication. Since my authentication takes place somewhere else, I would like the basic http authentication pop up window to be displayed again if the authentication fails. I.e. the servlet to which I send the username and password redirects to the protected login.jsp if the user has entered an incorrect username or password. But since there's already an established authenticated session with tomcat regardless of what the users has entered, this will result in an infinte loop of reloads. So I need to somehow remove the authenticated session before I redirect to the authentication servlet, either from the filter or from the JSP. Does anyone know what I should do? I was thinking about removing the session cookies programatically from a my login.jsp, but when I tried removing them by hand in Firefox I still didn't see the pop up dialog. But removing the "authenticated sessions" in Firefox helped, so I'm looking for something like this.
Thanks, Johan
