Hi Mikolaj, the 2 cookies you're talking about are
JSessionID and JSessionIDSSO However, JSessionID is sent for encrypted sessions only (https), JSessionIDSSO for any type of connection. The request-headers do show, for each request only JSessionIDSSO is passed together with the response, not JSessionID. OK, but what does that tell me? The sequence for those two cookies is: 1. request to form-login (https): JSessionID is set 2. form-login is sent back by client, then HTTP302 to root of application: JSessionID and JSessionIDSSO are sent back with the response 3. Any further request after authorization, only JSessionIDSSO is passed together with either request / response. However, I do not see what this could have to do with my pronlem. My understanding is, that JSessionIDSSO replaces JSessionID once authorization is ok and SingleSignLogonValve is specified. Anyway, is somebody here in the list who has the SingleSignOnLogonValve activated and can confirm that the session prolongs after any user-activity? Cheers Gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
