#26 Multiple requests cause confusion...

[Anonymous]

When multiple requests to the secured web app are
made from the same browser (ie, by spawning two new
windows) each will naturally display the login page.
However, since the requested page is stored in the
session this results in the first window to login being
directed to the stored URL. All other windows will then
display the default page after login as there is no longer
a request URL stored in the session.
This situation seems quite likely to occur in a portal
environment where the user can build up a custom home
page referencing various pages from another secured
web app.
This behaviour also plagues Tomcat (one of the
reasons I switched to using SecurityFilter) and it's hard
to see a way around it from the perspective of the
Servlet specification. Perhaps a unique session key could
be passed to the login page from the filter which it can
then pass back to the login action to identify which
stored URL to use? Obviously I'm only thinking about
FORM authentication here!
I've tried this on v1.1 and v2.0a with similar results.

Regards,
KPSeal.