-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark,
Mark Thomas wrote: | If you go directly to the login page Tomcat can't tell the difference | between that situation and when you go to a protected page, are | redirected to the login page and then take so long to log in the session | times out (the page you need to be sent back to is stored in the | session). The error message assumes that the session has timed out. Okay, so the Tomcat response is (expectedly) consistent. Thanks for stepping-in. Just out of curiosity, why does Tomcat not support drive-by logins? Is it merely because the spec leaves the behavior in that case ambiguous (there's no obvious target page to go to)? Many of securityfilter's users use it merely because it allows drive-by logins. We're happy to have them (!), but this seems like a reasonable feature to have in the core of Tomcat. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkigofcACgkQ9CaO5/Lv0PABBACeJDKRQss25b9pd7l5zbpSHO+2 fdUAn2rZ6uCUfWZ+5CEshnCzamREcXBQ =GDVs -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
