I am running Tomcat 6.0.18. My application uses form based authentication.
I am not sure how to handle the case where a user navigates to one of the secure page after logging in and Tomcat is restarted. The problem is that from the secured page, if the user clicks on any of the links after the restart, Tomcat will redirect to the login page (which is expected) and then, after the login, it will execute the code that it would normally execute when the user clicks on the link. The problem that I am facing is that since the application is using a new session, there might be some session based variables that are not initialized. Ultimately, if Tomcat is restarted, I would rather the user be redirected to a predetermined page (some kind of home page), but it seems that instead, and I believe this is as per the servlet spec, Tomcat displays the page information it had stored in its container before restarting. Any advice on how to best handle this? Martin
