Christopher, Great news (for me), seems the problem was that because I was using relative linking and sending the credentials to log the user in to SOLR the links on the landing page were being recreated with the same credentials in them so I just put in direct link locations in and and for the most part the problem is solved. It also is more secure this way because turns out I was revealing the passwords that I was trying to keep hidden.
Thanks for the help! ~Matt > Christopher, > > I may have found a problem in the SOLR header.jsp file that I am using in > navigation. The header.jsp file might be trying to send headers, > unfortunately I am not in the same location as the server so I will have > to check this out tomorrow. > > I'll keep you posted, > > ~Matt > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Matthew, >> >> On 6/30/2010 8:20 PM, Matthew Mauriello wrote: >>> The behavior seems rather strange to me in fact, I've seen other >>> websites >>> run on what looks to be BASIC Authentication without popping these >>> browser >>> messages when leaving secured sections. >> >> Most websites use HTTP AUTH consistently, at least for a particular URL >> prefix. >> >>> See the http://user:passw...@website.com/SOLR is only used once and it >>> might actually be http://user:passw...@website.com/SOLR/ I have to look >>> into this. >>> >>> I feel like the authentication cookie is being created for the user and >>> then being forwarded to every page the user visits after that. >>> >>> I am hoping to find some way of preventing this behavior. >> >> Well, for starters, what web browser are you using? Can you give me a >> sample URL that I can use to play with a test version of your webapp? >> >> - -chris >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.10 (MingW32) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >> >> iEYEARECAAYFAkwr76cACgkQ9CaO5/Lv0PACLQCgjmn6kpeN1L3uQPuxpUEbHT8C >> W/UAn1iaKySqcMfZNuttx7MjHYr6EqX4 >> =Yxdn >> -----END PGP SIGNATURE----- >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
