On Fri, Jul 20, 2012 at 7:06 PM, Pid * <p...@pidster.com> wrote: > On 20 Jul 2012, at 03:38, Brett Mason <b.ma...@adinstruments.com> wrote: > > Could someone please clarify if Tomcat supports forms authentication > > without cookies? If it is intended to be a supported configuration I'm > > happy to submit a bug report and can provided a simple standalone test > app > > to reproduce the problem. > > Form auth should work regardless of where the session id lives. > > Is the login form an HTML or JSP page? A session must be created > before you can login, it sounds like Tomcat isn't seeing one during > the first login. > > The login page is a JSP (via a Servlet). We use the JSTL <c:url> tag to generate the post URL which appears to be adding a valid sessionID:
<form method="post" action="<c:url value="j_security_check"/>"> Thanks, Brett.
