I am using TC 7.0 on a couple of servers. I have id/pw fields and a 'login' button at the top of all guest pages on my site. If the user clicks the login, it goes to a guest page that does the request.login() method call and then redirects to a protected page. If the login fails, the normal j_security login form stuff kicks in on the protected page and the user logs in the old way.
OK, this worked on one server for several months. It never worked on the other server. On that server, the request.login() succeeded according to the logs. But when it redirected to the protected page, the j_security login form would appear. I could log in from there and everything was fine. Then a couple of weeks ago, the server that was working just started doing the same thing. So now, the request.login() is useless. I am looking at the logs. The request.login() succeeded. And the request.getUserPrincipal() is the correct after the login on that page. But as soon as I redirect to another page, the userPrincipal is now null. I'm not saying I didn't have some configuration something wrong somewhere on one of the servers and now it's wrong on both. But I'm totally baffled. I have no clue what could be going wrong. I'm not invalidating the session or doing a request.logoff(). The sessionId is the same on the login page and the subsequent redirect page. And again, if I now login using the j_security form on the redirected target page, I'm logged in for the duration. So it's nothing like an invalid id/pw or anything (and it fails the same on all id/pws) My first question... am I totally wrong on my philosophy for using the request.login() method and redirecting to a protected page once logged in? It did work for months. So I assume that's not a fundamental design problem. If the design is ok, what's happening? The log shows I'm logged in at the end of one page that had the request.login() and then I'm not logged in at the beginning of the redirect target page. Any suggestions for what to try? How can I debug this? Thx.
